Dll

The creation of a DLL file within PowerShell module directories can indicate malicious PowerShell activity, such as installing new modules or attempts at ScriptBlock smuggling, and this activity is detected using Sysmon Event ID 11.

The IOBit Unlocker Extension DLL is being registered via regsvr32.exe, a Windows utility used to unlock files or folders by terminating locking processes, which could be abused for malicious purposes.