1786d9bdb752a866bba3beaa27f0b6e635e4c6449bcc32105539551758186492

Analysis

max time kernel
5s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Size

10.6MB
MD5

7acbd34db0aa98d2a0cc3ea8716b12b5
SHA1

842d24df65449d5722b387f0a28cb746cf615e69
SHA256

3bdab09c77fda2c0afe9cafd76202cd33f9a1d7adee9e437a931d2ba366ebf87
SHA512

1f564735bb1596a6ba5d1b6654fc3b90a9707117b048d54a1c54324eea5d634dbcfbdff366ef1d65598507660295008f8434054c3f53412cacf49c55aff208d2
SSDEEP

196608:DbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:bMGr4+BAf1qC1caBMWBR

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

UAC bypass 3 TTPs 8 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe
Key value queried	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\Control Panel\International\Geo\Nation	defender.exe

Executes dropped EXE 1 IoCs

pid	Process
1012	antivirusfalsepositivetest3.exe

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	antivirusfalsepositivetest3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-17203666-93769886-2545153620-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe

Checks whether UAC is enabled 1 TTPs 16 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 37 IoCs

pid	pid_target	Process	procid_target
11436	6812	WerFault.exe	173
11828	11160	WerFault.exe	317
12184	6420	WerFault.exe	193
9548	5720	WerFault.exe	190
11268	5896	WerFault.exe	325
11924	11248	WerFault.exe	321
10648	8272	WerFault.exe	236
4360	8920	WerFault.exe	256
1768	8900	WerFault.exe	449
8464	7800	WerFault.exe	618
3612	5340	WerFault.exe	137
10848	5992	WerFault.exe	152
7868	5400	WerFault.exe	165
10232	7996	WerFault.exe	756
7976	7372	WerFault.exe	794
11888	5700	WerFault.exe	786
9660	8928	WerFault.exe	767
8936	6136	Process not Found	1096
7852	6152	Process not Found	1074
11852	13016	Process not Found	1093
2672	7144	Process not Found	1118
8416	13220	Process not Found	1123
392	6920	Process not Found	1122
5976	9792	Process not Found	1099
14604	8364	Process not Found	1129
14776	11300	Process not Found	1154
3284	4500	Process not Found	1232
5216	14152	Process not Found	1258
7976	1172	Process not Found	1106
5992	7368	Process not Found	1272
15572	5948	Process not Found	1482
12776	7908	Process not Found	1720
4832	12340	Process not Found	1645
6372	12304	Process not Found	1638
4556	9880	Process not Found	1398
15780	10144	Process not Found	1615
5248	11960	Process not Found	1138

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
2784	defender.exe
2784	defender.exe
4132	defender.exe
4132	defender.exe
4132	defender.exe
4132	defender.exe
4132	defender.exe
4296	defender.exe
4296	defender.exe
2784	defender.exe
2784	defender.exe
2784	defender.exe
4132	defender.exe
4132	defender.exe
2680	defender.exe
2680	defender.exe
2680	defender.exe
2680	defender.exe
2680	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
4296	defender.exe
4132	defender.exe
4132	defender.exe
2680	defender.exe
2680	defender.exe
4132	defender.exe
4132	defender.exe
4296	defender.exe
4296	defender.exe
4132	defender.exe
4132	defender.exe
4132	defender.exe
2784	defender.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3108	shutdown.exe
Token: SeRemoteShutdownPrivilege	3108	shutdown.exe
Token: SeDebugPrivilege	2784	defender.exe
Token: SeDebugPrivilege	4296	defender.exe
Token: SeDebugPrivilege	4132	defender.exe
Token: SeShutdownPrivilege	5052	shutdown.exe
Token: SeRemoteShutdownPrivilege	5052	shutdown.exe
Token: SeDebugPrivilege	2680	defender.exe
Token: SeShutdownPrivilege	4224	shutdown.exe
Token: SeRemoteShutdownPrivilege	4224	shutdown.exe
Token: SeDebugPrivilege	3860	defender.exe
Token: SeShutdownPrivilege	3364	shutdown.exe
Token: SeRemoteShutdownPrivilege	3364	shutdown.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 3108	2784	defender.exe	85
PID 2784 wrote to memory of 3108	2784	defender.exe	85
PID 2784 wrote to memory of 3108	2784	defender.exe	85
PID 2784 wrote to memory of 4688	2784	defender.exe	88
PID 2784 wrote to memory of 4688	2784	defender.exe	88
PID 2784 wrote to memory of 4688	2784	defender.exe	88
PID 2784 wrote to memory of 1012	2784	defender.exe	90
PID 2784 wrote to memory of 1012	2784	defender.exe	90
PID 2784 wrote to memory of 1012	2784	defender.exe	90
PID 2784 wrote to memory of 1984	2784	defender.exe	91
PID 2784 wrote to memory of 1984	2784	defender.exe	91
PID 2784 wrote to memory of 1984	2784	defender.exe	91
PID 2784 wrote to memory of 1672	2784	defender.exe	92
PID 2784 wrote to memory of 1672	2784	defender.exe	92
PID 2784 wrote to memory of 1672	2784	defender.exe	92
PID 2784 wrote to memory of 4296	2784	defender.exe	94
PID 2784 wrote to memory of 4296	2784	defender.exe	94
PID 2784 wrote to memory of 4296	2784	defender.exe	94
PID 2784 wrote to memory of 4132	2784	defender.exe	96
PID 2784 wrote to memory of 4132	2784	defender.exe	96
PID 2784 wrote to memory of 4132	2784	defender.exe	96
PID 2784 wrote to memory of 2680	2784	defender.exe	97
PID 2784 wrote to memory of 2680	2784	defender.exe	97
PID 2784 wrote to memory of 2680	2784	defender.exe	97
PID 2784 wrote to memory of 3860	2784	defender.exe	98
PID 2784 wrote to memory of 3860	2784	defender.exe	98
PID 2784 wrote to memory of 3860	2784	defender.exe	98
PID 2784 wrote to memory of 1140	2784	defender.exe	99
PID 2784 wrote to memory of 1140	2784	defender.exe	99
PID 2784 wrote to memory of 1140	2784	defender.exe	99
PID 2784 wrote to memory of 884	2784	defender.exe	1674
PID 2784 wrote to memory of 884	2784	defender.exe	1674
PID 2784 wrote to memory of 884	2784	defender.exe	1674
PID 4296 wrote to memory of 5052	4296	defender.exe	1475
PID 4296 wrote to memory of 5052	4296	defender.exe	1475
PID 4296 wrote to memory of 5052	4296	defender.exe	1475
PID 2784 wrote to memory of 3884	2784	defender.exe	477
PID 2784 wrote to memory of 3884	2784	defender.exe	477
PID 2784 wrote to memory of 3884	2784	defender.exe	477
PID 4132 wrote to memory of 3364	4132	defender.exe	2782
PID 4132 wrote to memory of 3364	4132	defender.exe	2782
PID 4132 wrote to memory of 3364	4132	defender.exe	2782
PID 2680 wrote to memory of 4224	2680	defender.exe	105
PID 2680 wrote to memory of 4224	2680	defender.exe	105
PID 2680 wrote to memory of 4224	2680	defender.exe	105
PID 2784 wrote to memory of 3684	2784	defender.exe	1070
PID 2784 wrote to memory of 3684	2784	defender.exe	1070
PID 2784 wrote to memory of 3684	2784	defender.exe	1070
PID 2784 wrote to memory of 4660	2784	defender.exe	109
PID 2784 wrote to memory of 4660	2784	defender.exe	109
PID 2784 wrote to memory of 4660	2784	defender.exe	109
PID 4296 wrote to memory of 3468	4296	defender.exe	4066
PID 4296 wrote to memory of 3468	4296	defender.exe	4066
PID 4296 wrote to memory of 3468	4296	defender.exe	4066
PID 4296 wrote to memory of 1188	4296	defender.exe	1532
PID 4296 wrote to memory of 1188	4296	defender.exe	1532
PID 4296 wrote to memory of 1188	4296	defender.exe	1532
PID 3860 wrote to memory of 3992	3860	defender.exe	651
PID 3860 wrote to memory of 3992	3860	defender.exe	651
PID 3860 wrote to memory of 3992	3860	defender.exe	651
PID 4132 wrote to memory of 3856	4132	defender.exe	116
PID 4132 wrote to memory of 3856	4132	defender.exe	116
PID 4132 wrote to memory of 3856	4132	defender.exe	116
PID 884 wrote to memory of 544	884	defender.exe	1871

System policy modification 1 TTPs 8 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe

C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
1⤵
- UAC bypass
- Checks computer location settings
- Adds Run key to start application
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2784
- C:\Windows\SysWOW64\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 30
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3108
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe" "C:\Users\Admin\defender.exe" & pause
  2⤵
  PID:4688
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1012
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe" "C:\Users\Admin\antivirusfalsepositivetest3.exe" & pause
  2⤵
  PID:1984
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe" "C:\Users\Admin\antivirusfalsepositivetest4.exe" & pause
  2⤵
  PID:1672
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:4296
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:5052
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe" "C:\Users\Admin\antivirusfalsepositivetest3.exe" & pause
    3⤵
    PID:3468
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1188
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5188
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9820
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:1992
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:11044
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6420
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8584
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 1528
        5⤵
        Program crash
        
        PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8820
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11496
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:12264
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1508
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6820
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8028
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9792
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11612
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8024
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:8564
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10872
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12080
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13224
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8288
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10424
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7012
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13376
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12944
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:3272
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7896
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8508
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5360
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8168
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7720
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11220
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5700
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 752
        5⤵
        Program crash
        
        PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11028
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10304
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13016
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7144
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14000
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5984
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5064
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11304
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7732
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5340
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9560
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12216
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10984
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10552
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10384
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8176
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10360
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 1924
      4⤵
      Program crash
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12556
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4604
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8176
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8988
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6152
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8412
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12792
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14108
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13528
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14152
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5780
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 824
        5⤵
        Program crash
        
        PID:11268
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5892
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9856
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8848
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11440
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5720
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11180
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 1560
      4⤵
      Program crash
      PID:9548
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2264
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11660
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10208
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6008
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12224
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:4132
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3364
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:3856
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7164
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7488
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10232
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12240
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:4784
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2188
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4232
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:544
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7304
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8656
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
        5⤵
        
        PID:4652
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10516
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8716
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11876
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1280
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7152
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8272
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 1436
        5⤵
        Program crash
        
        PID:10648
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4396
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8984
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
        5⤵
        
        PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8976
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7968
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11152
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7648
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10920
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10580
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13744
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9236
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:9048
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5408
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8280
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8204
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2496
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10316
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:9004
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6812
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10340
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 1508
      4⤵
      Program crash
      PID:11436
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8012
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2312
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9888
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:3252
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6676
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:11484
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:2680
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:4224
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5020
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7288
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11084
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7012
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4724
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6868
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7340
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8188
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10080
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11768
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12020
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:12920
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:11300
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:5416
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12024
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:4512
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12996
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5484
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6952
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4976
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1940
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:11276
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:7624
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8692
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10932
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10544
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3356
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:13132
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12520
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10704
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3684
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:5128
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6504
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6020
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8744
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5688
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6536
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9148
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7524
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8516
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11248
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 780
      4⤵
      Program crash
      PID:11924
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:11468
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8900
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 852
      4⤵
      Program crash
      PID:1768
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:3860
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3992
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5128
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7696
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9780
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7272
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:9792
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:5936
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:6404
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3604
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9544
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10440
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9028
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10552
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11596
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:11080
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:8036
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6032
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5416
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7404
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9648
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7764
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9420
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11476
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7464
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5992
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10404
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8344
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9028
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 1532
      4⤵
      Program crash
      PID:10848
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6528
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10292
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7532
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11732
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8912
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10660
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8056
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11052
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5868
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13108
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9284
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9504
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6980
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10840
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5988
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13288
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8936
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9760
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5692
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14076
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12128
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7368
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Checks whether UAC is enabled
  - System policy modification
  PID:1140
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3712
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5372
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7540
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9704
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2472
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:11312
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe"
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7848
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7372
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 844
        6⤵
        Program crash
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:7800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 844
        5⤵
        Program crash
        
        PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6684
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10428
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5792
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 824
        5⤵
        Program crash
        
        PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8120
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:8204
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:8492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4556
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13204
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2096
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5360
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6008
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11216
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7264
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7772
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10300
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:12200
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10048
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6532
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
    3⤵
    PID:3268
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5452
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9144
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12540
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7760
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6416
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7740
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8280
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12648
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8364
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13576
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14332
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6400
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13320
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Checks whether UAC is enabled
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:884
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:544
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5316
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10224
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5656
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5396
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe"
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6604
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8428
    - - C:\Windows\SysWOW64\fondue.exe
        
        "C:\Windows\system32\fondue.exe" /enable-feature: /caller-name:mscoreei.dll
        5⤵
        
        PID:5460
      - C:\Windows\system32\FonDUE.EXE
        
        "C:\Windows\sysnative\FonDUE.EXE" /enable-feature: /caller-name:mscoreei.dll
        6⤵
        
        PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10872
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9372
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5800
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7080
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8520
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5400
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9068
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10572
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:9636
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 1584
      4⤵
      Program crash
      PID:7868
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1664
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7360
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8376
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9608
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:7992
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9612
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10192
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe"
      4⤵
      PID:9972
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7336
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10752
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13216
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5260
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4520
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13408
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6328
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10356
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12192
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6780
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9628
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7284
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5912
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8800
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8136
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks computer location settings
  - Checks whether UAC is enabled
  - System policy modification
  PID:3884
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:448
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5692
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8292
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8228
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:3388
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5256
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9376
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7960
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6996
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10644
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8020
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9656
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11588
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7428
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks computer location settings
  PID:3684
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4028
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2732
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10936
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:7268
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9512
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8184
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7632
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8928
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 1500
        5⤵
        Program crash
        
        PID:9660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10816
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12548
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13748
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6804
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6136
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12872
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7004
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10724
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8036
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4644
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9696
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6464
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12756
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3864
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8664
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6412
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4716
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5488
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6000
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11384
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:12208
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:4660
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5348
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1648
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9800
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7796
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7272
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7112
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10468
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1528
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:8488
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8544
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4352
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:768
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6152
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6444
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11292
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10408
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11960
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:1248
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8808
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12772
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9912
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:3760
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8116
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9136
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12856
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2912
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13208
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10332
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10656
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8764
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8468
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7032
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11392
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:9208
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:4336
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:2552
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6160
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7280
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5916
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10284
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11172
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5076
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5456
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8904
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5388
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10712
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:7496
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5136
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:6948
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7892
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1124
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7308
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:8748
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8372
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9220
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8860
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5820
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12908
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12860
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1172
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10112
    - - C:\Windows\SysWOW64\fondue.exe
        
        "C:\Windows\system32\fondue.exe" /enable-feature: /caller-name:mscoreei.dll
        5⤵
        
        PID:13636
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11336
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10604
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14048
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7768
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:412
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12256
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1476
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11804
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5424
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:7844
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9864
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9276
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11572
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7956
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5940
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:8224
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8424
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6536
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4904
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:6544
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:10216
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12032
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9072
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5952
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:7516
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:11884
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
    3⤵
    PID:8356
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2916
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9032
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7996
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 752
      4⤵
      Program crash
      PID:10232
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6972
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10000
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12472
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10336
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12368
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8288
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6612
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9836
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8000
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13440
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13468
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11436
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:8920
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:11864
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 1732
    3⤵
    - Program crash
    PID:4360
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
    3⤵
    PID:3864
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:9736
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:3992
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8084
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12228
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6856
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6056
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7036
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9056
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10176
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5356
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10660
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8164
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12664
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5972
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13668
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9140
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9520
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:1288
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7940
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8452
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12348
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8180
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6480
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8288
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7284
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9392
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13716
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8104
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5044
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
  2⤵
  PID:9168
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:7900
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 5916 -ip 5916
1⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 11248 -ip 11248
1⤵
PID:11544

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa38c5055 /state1:0x41c64e6d
1⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 8424 -ip 8424
1⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 5720 -ip 5720
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 6536 -ip 6536
1⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 700 -p 5896 -ip 5896
1⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 8228 -ip 8228
1⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 10660 -ip 10660
1⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 1664 -ip 1664
1⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 6676 -ip 6676
1⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 7112 -ip 7112
1⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 10244 -ip 10244
1⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 8020 -ip 8020
1⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 6996 -ip 6996
1⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 8272 -ip 8272
1⤵
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 3884 -ip 3884
1⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 788 -p 7004 -ip 7004
1⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 832 -p 4296 -ip 4296
1⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 756 -p 6008 -ip 6008
1⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 864 -p 9276 -ip 9276
1⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 6944 -ip 6944
1⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4204 -ip 4204
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 644 -p 8912 -ip 8912
1⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 1012 -ip 1012
1⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 4232 -ip 4232
1⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 4132 -ip 4132
1⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 836 -p 6528 -ip 6528
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 780 -p 2680 -ip 2680
1⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7524 -ip 7524
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 7896 -ip 7896
1⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 11248 -ip 11248
1⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 5688 -ip 5688
1⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 12192 -ip 12192
1⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 7164 -ip 7164
1⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 11724 -ip 11724
1⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 4336 -ip 4336
1⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 12248 -ip 12248
1⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 3684 -ip 3684
1⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 8028 -ip 8028
1⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4660 -ip 4660
1⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 12240 -ip 12240
1⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 12232 -ip 12232
1⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 828 -p 12224 -ip 12224
1⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 772 -p 6008 -ip 6008
1⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7004 -ip 7004
1⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 4296 -ip 4296
1⤵
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 4232 -ip 4232
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 852 -p 11876 -ip 11876
1⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 10352 -ip 10352
1⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6528 -ip 6528
1⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 2264 -ip 2264
1⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 2680 -ip 2680
1⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 8056 -ip 8056
1⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 11172 -ip 11172
1⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 888 -p 5688 -ip 5688
1⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7532 -ip 7532
1⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 11824 -ip 11824
1⤵
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 4336 -ip 4336
1⤵
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 7488 -ip 7488
1⤵
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 7304 -ip 7304
1⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7796 -ip 7796
1⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8104 -ip 8104
1⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 8024 -ip 8024
1⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 10356 -ip 10356
1⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 2100 -ip 2100
1⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 4724 -ip 4724
1⤵
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 928 -p 8900 -ip 8900
1⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 3856 -ip 3856
1⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 8920 -ip 8920
1⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 5800 -ip 5800
1⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 692 -p 11172 -ip 11172
1⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1008 -p 8036 -ip 8036
1⤵
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 10572 -ip 10572
1⤵
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 11440 -ip 11440
1⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 732 -p 9560 -ip 9560
1⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 9220 -ip 9220
1⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 892 -p 7488 -ip 7488
1⤵
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 10208 -ip 10208
1⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 10080 -ip 10080
1⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 9704 -ip 9704
1⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 860 -p 10328 -ip 10328
1⤵
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 10300 -ip 10300
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 10980 -ip 10980
1⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 10232 -ip 10232
1⤵
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 10936 -ip 10936
1⤵
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 7768 -ip 7768
1⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 8820 -ip 8820
1⤵
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 8508 -ip 8508
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 10224 -ip 10224
1⤵
PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 776 -p 9792 -ip 9792
1⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 7272 -ip 7272
1⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 7304 -ip 7304
1⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1004 -p 8904 -ip 8904
1⤵
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 2548 -ip 2548
1⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 764 -p 7612 -ip 7612
1⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 768 -p 7012 -ip 7012
1⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 11376 -ip 11376
1⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6532 -ip 6532
1⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 10516 -ip 10516
1⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7264 -ip 7264
1⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 5416 -ip 5416
1⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5020 -ip 5020
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 2784 -ip 2784
1⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 988 -p 3388 -ip 3388
1⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 964 -p 5064 -ip 5064
1⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 5136 -ip 5136
1⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 7340 -ip 7340
1⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 708 -p 10708 -ip 10708
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 3856 -ip 3856
1⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 8656 -ip 8656
1⤵
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 808 -p 5424 -ip 5424
1⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 9656 -ip 9656
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 9864 -ip 9864
1⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 916 -p 5372 -ip 5372
1⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8848 -ip 8848
1⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 5692 -ip 5692
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 652 -p 7960 -ip 7960
1⤵
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 812 -p 8984 -ip 8984
1⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 9492 -ip 9492
1⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 5128 -ip 5128
1⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 6936 -ip 6936
1⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 4652 -ip 4652
1⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 5992 -ip 5992
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 660 -p 5844 -ip 5844
1⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 7268 -ip 7268
1⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 8464 -ip 8464
1⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 5780 -ip 5780
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5340 -ip 5340
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 824 -p 7800 -ip 7800
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5408 -ip 5408
1⤵
PID:404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 1940 -ip 1940
1⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 12032 -ip 12032
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 11852 -ip 11852
1⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 2096 -ip 2096
1⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 896 -p 11572 -ip 11572
1⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 8168 -ip 8168
1⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 8492 -ip 8492
1⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 972 -p 9512 -ip 9512
1⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 6604 -ip 6604
1⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 9420 -ip 9420
1⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 7720 -ip 7720
1⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 796 -p 10868 -ip 10868
1⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 10176 -ip 10176
1⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 8036 -ip 8036
1⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 872 -p 8976 -ip 8976
1⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 5400 -ip 5400
1⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 7780 -ip 7780
1⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 8868 -ip 8868
1⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7260 -ip 7260
1⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 1040 -ip 1040
1⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 952 -p 4556 -ip 4556
1⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 10552 -ip 10552
1⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 716 -p 8656 -ip 8656
1⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1012 -p 9656 -ip 9656
1⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 6032 -ip 6032
1⤵
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 9864 -ip 9864
1⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 7996 -ip 7996
1⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1016 -p 7968 -ip 7968
1⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 712 -p 5716 -ip 5716
1⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 792 -p 5936 -ip 5936
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 12080 -ip 12080
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 5692 -ip 5692
1⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 980 -p 6928 -ip 6928
1⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 8984 -ip 8984
1⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 5780 -ip 5780
1⤵
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 976 -p 5408 -ip 5408
1⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 3864 -ip 3864
1⤵
PID:388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 9648 -ip 9648
1⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 12032 -ip 12032
1⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 10212 -ip 10212
1⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 728 -p 1940 -ip 1940
1⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 10816 -ip 10816
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 856 -p 884 -ip 884
1⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 3712 -ip 3712
1⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 7372 -ip 7372
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 6972 -ip 6972
1⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 696 -p 5700 -ip 5700
1⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 2096 -ip 2096
1⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 8928 -ip 8928
1⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 492 -p 12324 -ip 12324
1⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 12340 -ip 12340
1⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5420 -ip 5420
1⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 9284 -ip 9284
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 4488 -ip 4488
1⤵
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 11028 -ip 11028
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 12540 -ip 12540
1⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5452 -ip 5452
1⤵
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1020 -p 4352 -ip 4352
1⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 6464 -ip 6464
1⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 13072 -ip 13072
1⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 9136 -ip 9136
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 7848 -ip 7848
1⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1032 -p 7308 -ip 7308
1⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 876 -p 9504 -ip 9504
1⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1120 -p 10000 -ip 10000
1⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 12024 -ip 12024
1⤵
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 5868 -ip 5868
1⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1076 -p 6868 -ip 6868
1⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 8176 -ip 8176
1⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 10920 -ip 10920
1⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 760 -p 9492 -ip 9492
1⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 2208 -ip 2208
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1040 -p 8180 -ip 8180
1⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 13276 -ip 13276
1⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 11768 -ip 11768
1⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 12296 -ip 12296
1⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1072 -p 13204 -ip 13204
1⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1060 -p 9812 -ip 9812
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1052 -p 5484 -ip 5484
1⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 592 -p 2912 -ip 2912
1⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5792 -ip 5792
1⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1140 -p 12996 -ip 12996
1⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1064 -p 6980 -ip 6980
1⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 724 -p 7760 -ip 7760
1⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1112 -p 1040 -ip 1040
1⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1172 -p 5128 -ip 5128
1⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1168 -p 12924 -ip 12924
1⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1104 -p 6460 -ip 6460
1⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1100 -p 5216 -ip 5216
1⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 11144 -ip 11144
1⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1028 -p 4904 -ip 4904
1⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 940 -p 10408 -ip 10408
1⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7204 -ip 7204
1⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 628 -p 6056 -ip 6056
1⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 912 -p 1008 -ip 1008
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 820 -p 6416 -ip 6416
1⤵
PID:13980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 924 -p 9372 -ip 9372
1⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 4556 -ip 4556
1⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 748 -p 11160 -ip 11160
1⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 11436 -ip 11436
1⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 12664 -ip 12664
1⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 960 -p 9836 -ip 9836
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 904 -p 8764 -ip 8764
1⤵
PID:13908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 956 -p 884 -ip 884
1⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 580 -p 12752 -ip 12752
1⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4352 -ip 4352
1⤵
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 8304 -ip 8304
1⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 968 -p 9516 -ip 9516
1⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1000 -p 8468 -ip 8468
1⤵
PID:2680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1044 -p 10304 -ip 10304
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 8952 -ip 8952
1⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1136 -p 13296 -ip 13296
1⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 1036 -p 7696 -ip 7696
1⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 908 -p 12472 -ip 12472
1⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 944 -p 10000 -ip 10000
1⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 5868 -ip 5868
1⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 784 -p 12756 -ip 12756
1⤵
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 948 -p 12228 -ip 12228
1⤵
PID:14060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\defender.exe.log

Filesize
1KB

MD5
7ebe314bf617dc3e48b995a6c352740c

SHA1
538f643b7b30f9231a3035c448607f767527a870

SHA256
48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

SHA512
0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe

Filesize
17KB

MD5
05a9d377f26e6c48b167f64fd802899b

SHA1
90dc58c88d853ea53fcd54410f0cc7c5fd393f05

SHA256
47c889dd63190f07f54b7f3db663a1fb54c1fa981caab5b627885ac92b156337

SHA512
aa728441651b381442f09b7188349f926aec5f5ce57226d620aec7210ec19ba32ad52cf9a75cf71180041b5ee87b0245ad5534e4e738a4d174a1fc5f2a04afb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe

Filesize
10.1MB

MD5
97f44c7df82adc19ce025cfc8958245c

SHA1
699fb553ea85db7c6c5fc5118ab7a1a0c3b19602

SHA256
0fc9a98ed6bad1f94e0357b6bb833b4eca20bea119abc0cdfa3bb4caeeddcda1

SHA512
e2da423ba4eee8f4e836f5eeed82bfe9cf482a911200f805dcdff20d41901c73b40faf187c66ef2e32f9ec8f6d565c43f38229c026285dd0411d4c1c8c22c27e

Download Submit
C:\Users\Admin\usbwrite.exe

Filesize
1.8MB

MD5
d93d3c1c92519322dcd8d211dac64230

SHA1
2912779f226b3c5208a972ad3d6e2ba4201e7501

SHA256
264cda51612a4dfcfb93ffba2f284ef0aed3d88e0a73d25fedaf06b9e5035f97

SHA512
1974889293c5055c40649444a50b87b6b682e70089b76b56d5a2714b663a027fa9983475dee4d8db0ec4206c912e60f40a737ecaef7bb7340521b0d8dedcc964

Download Submit
memory/1012-19-0x0000000074A40000-0x00000000751F0000-memory.dmp

Filesize
7.7MB

Download
memory/1012-20-0x0000000000C60000-0x0000000000C6A000-memory.dmp

Filesize
40KB

Download
memory/1012-23-0x0000000005720000-0x0000000005730000-memory.dmp

Filesize
64KB

Download
memory/2784-0-0x0000000074A40000-0x00000000751F0000-memory.dmp

Filesize
7.7MB

Download
memory/2784-4-0x0000000006110000-0x0000000006120000-memory.dmp

Filesize
64KB

Download
memory/2784-5-0x0000000005F50000-0x0000000005F5A000-memory.dmp

Filesize
40KB

Download
memory/2784-1-0x0000000000AB0000-0x0000000001546000-memory.dmp

Filesize
10.6MB

Download
memory/2784-3-0x0000000005FB0000-0x0000000006042000-memory.dmp

Filesize
584KB

Download
memory/2784-2-0x00000000064C0000-0x0000000006A64000-memory.dmp

Filesize
5.6MB

Download
memory/2784-59-0x0000000074A40000-0x00000000751F0000-memory.dmp

Filesize
7.7MB

Download
memory/4688-67-0x00000000001D0000-0x000000000022A000-memory.dmp

Filesize
360KB

Download
memory/5128-72-0x0000000074A40000-0x00000000751F0000-memory.dmp

Filesize
7.7MB

Download
memory/5136-34-0x00000000774D0000-0x00000000774DA000-memory.dmp

Filesize
40KB

Download
memory/5188-69-0x0000000070F50000-0x00000000710F8000-memory.dmp

Filesize
1.7MB

Download
memory/6480-73-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download
memory/8820-75-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download
memory/9628-70-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download
memory/9888-71-0x00000000759E0000-0x0000000075A9F000-memory.dmp

Filesize
764KB

Download
memory/10292-36-0x0000000076A30000-0x0000000076CB1000-memory.dmp

Filesize
2.5MB

Download
memory/11572-42-0x0000000000D00000-0x0000000001718000-memory.dmp

Filesize
10.1MB

Download
memory/13956-76-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download
memory/14092-80-0x0000000074A40000-0x00000000751F0000-memory.dmp

Filesize
7.7MB

Download
memory/14096-84-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download
memory/15300-83-0x00007FFA26BB0000-0x00007FFA26DA5000-memory.dmp

Filesize
2.0MB

Download