1786d9bdb752a866bba3beaa27f0b6e635e4c6449bcc32105539551758186492

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-04-2024 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AntivirusDefender-main/AntivirusDefender/AntivirusDefender/bin/Debug/defender.exe
Size

10.6MB
MD5

7acbd34db0aa98d2a0cc3ea8716b12b5
SHA1

842d24df65449d5722b387f0a28cb746cf615e69
SHA256

3bdab09c77fda2c0afe9cafd76202cd33f9a1d7adee9e437a931d2ba366ebf87
SHA512

1f564735bb1596a6ba5d1b6654fc3b90a9707117b048d54a1c54324eea5d634dbcfbdff366ef1d65598507660295008f8434054c3f53412cacf49c55aff208d2
SSDEEP

196608:DbxNMGrnhzvYf9EfmiAf1qkB8I9r1UhraBMBMBR:bMGr4+BAf1qC1caBMWBR

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

UAC bypass 3 TTPs 64 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe

Executes dropped EXE 1 IoCs

pid	Process
2300	antivirusfalsepositivetest3.exe

Loads dropped DLL 1 IoCs

pid	Process
2028	defender.exe

Adds Run key to start application 2 TTPs 63 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValue = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	antivirusfalsepositivetest3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\MyStartupValuex = "C:\\Users\\Admin\\AppData\\Local\\Temp\\AntivirusDefender-main\\AntivirusDefender\\AntivirusDefender\\bin\\Debug\\antivirusfalsepositivetest4.exe"	defender.exe

Checks whether UAC is enabled 1 TTPs 64 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	defender.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 64 IoCs

pid	pid_target	Process	procid_target
19844	12732	WerFault.exe	762
19920	14616	WerFault.exe	775
20080	14372	WerFault.exe	765
20340	17436	WerFault.exe	910
20348	17336	WerFault.exe	892
17512	19504	WerFault.exe	977
18624	20120	WerFault.exe	1008
18888	17480	WerFault.exe	971
17988	19624	WerFault.exe	987
13116	7580	WerFault.exe	969
20240	19472	WerFault.exe	973
14036	16500	WerFault.exe	854
10164	6964	WerFault.exe	904
12968	15896	WerFault.exe	841
12964	15444	WerFault.exe	902
9924	17428	WerFault.exe	909
6024	20184	WerFault.exe	1101
6388	14152	WerFault.exe	738
11328	14460	WerFault.exe	770
10628	10672	WerFault.exe	521
20512	10604	WerFault.exe	1116
20520	5632	WerFault.exe	1118
20564	14380	WerFault.exe	766
20656	14760	WerFault.exe	785
5540	20712	WerFault.exe	1174
20300	20800	WerFault.exe	1178
14704	20808	WerFault.exe	1179
12504	20816	WerFault.exe	1180
6668	20852	WerFault.exe	1184
5496	16304	WerFault.exe	847
4612	19616	WerFault.exe	986
4416	12000	WerFault.exe	1048
4744	18948	WerFault.exe	1049
14160	15188	WerFault.exe	803
17416	13760	WerFault.exe	816
6832	16124	WerFault.exe	843
22060	14728	WerFault.exe	1067
19852	13764	WerFault.exe	1057
6952	14888	WerFault.exe	1111
15524	19544	WerFault.exe	978
21724	19584	WerFault.exe	982
2212	22244	Process not Found	1297
20772	2892	Process not Found	1326
20784	13888	Process not Found	1329
15440	20692	Process not Found	1339
21536	21276	Process not Found	1342
22632	19172	Process not Found	965
22704	700	Process not Found	1349
20588	5636	Process not Found	594
6928	2628	Process not Found	98
22160	20116	Process not Found	1227
2636	4408	Process not Found	211
6432	23148	Process not Found	1417
22388	12200	Process not Found	591
14556	23224	Process not Found	1424
13152	13492	Process not Found	694
21584	2404	Process not Found	682
7164	13596	Process not Found	702
1240	13652	Process not Found	708
22996	14096	Process not Found	734
19864	14388	Process not Found	767
5808	14108	Process not Found	735
21460	13964	Process not Found	729
16312	15704	Process not Found	834

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
2028	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
1400	defender.exe
2620	defender.exe
2620	defender.exe
2620	defender.exe
2620	defender.exe
2028	defender.exe
2028	defender.exe
1400	defender.exe
1400	defender.exe
2492	defender.exe
2492	defender.exe
2492	defender.exe
2492	defender.exe
2620	defender.exe
2620	defender.exe
1400	defender.exe
1400	defender.exe
2492	defender.exe
2492	defender.exe
2620	defender.exe
2620	defender.exe
2768	defender.exe
2768	defender.exe
2768	defender.exe
2768	defender.exe
2492	defender.exe
2492	defender.exe
2768	defender.exe
2768	defender.exe
2620	defender.exe
2620	defender.exe
2028	defender.exe
2028	defender.exe
2620	defender.exe
2620	defender.exe
2492	defender.exe
2492	defender.exe
1008	defender.exe
1008	defender.exe
1008	defender.exe
1008	defender.exe
2620	defender.exe
2620	defender.exe
2768	defender.exe
2768	defender.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2884	shutdown.exe
Token: SeRemoteShutdownPrivilege	2884	shutdown.exe
Token: SeDebugPrivilege	2028	defender.exe
Token: SeDebugPrivilege	1400	defender.exe
Token: SeDebugPrivilege	2620	defender.exe
Token: SeShutdownPrivilege	2688	shutdown.exe
Token: SeRemoteShutdownPrivilege	2688	shutdown.exe
Token: SeDebugPrivilege	2492	defender.exe
Token: SeDebugPrivilege	2768	defender.exe
Token: SeShutdownPrivilege	2880	shutdown.exe
Token: SeRemoteShutdownPrivilege	2880	shutdown.exe
Token: SeDebugPrivilege	1008	defender.exe
Token: SeShutdownPrivilege	2140	shutdown.exe
Token: SeRemoteShutdownPrivilege	2140	shutdown.exe
Token: SeShutdownPrivilege	1240	shutdown.exe
Token: SeRemoteShutdownPrivilege	1240	shutdown.exe
Token: SeDebugPrivilege	2020	defender.exe
Token: SeDebugPrivilege	348	defender.exe
Token: SeDebugPrivilege	1776	defender.exe
Token: SeDebugPrivilege	2320	defender.exe
Token: SeDebugPrivilege	1772	defender.exe
Token: SeDebugPrivilege	2812	defender.exe
Token: SeDebugPrivilege	1068	defender.exe
Token: SeDebugPrivilege	2952	defender.exe
Token: SeShutdownPrivilege	2804	shutdown.exe
Token: SeRemoteShutdownPrivilege	2804	shutdown.exe
Token: SeDebugPrivilege	1236	defender.exe
Token: SeShutdownPrivilege	848	shutdown.exe
Token: SeRemoteShutdownPrivilege	848	shutdown.exe
Token: SeShutdownPrivilege	1328	shutdown.exe
Token: SeRemoteShutdownPrivilege	1328	shutdown.exe
Token: SeShutdownPrivilege	580	shutdown.exe
Token: SeRemoteShutdownPrivilege	580	shutdown.exe
Token: SeShutdownPrivilege	3032	shutdown.exe
Token: SeRemoteShutdownPrivilege	3032	shutdown.exe
Token: SeShutdownPrivilege	3112	shutdown.exe
Token: SeRemoteShutdownPrivilege	3112	shutdown.exe
Token: SeDebugPrivilege	2788	defender.exe
Token: SeShutdownPrivilege	2780	shutdown.exe
Token: SeRemoteShutdownPrivilege	2780	shutdown.exe
Token: SeShutdownPrivilege	3276	shutdown.exe
Token: SeRemoteShutdownPrivilege	3276	shutdown.exe
Token: SeShutdownPrivilege	2164	shutdown.exe
Token: SeRemoteShutdownPrivilege	2164	shutdown.exe
Token: SeDebugPrivilege	1444	defender.exe
Token: SeDebugPrivilege	1624	defender.exe
Token: SeDebugPrivilege	1440	defender.exe
Token: SeDebugPrivilege	1568	defender.exe
Token: SeDebugPrivilege	3432	defender.exe
Token: SeDebugPrivilege	3092	defender.exe
Token: SeShutdownPrivilege	3612	shutdown.exe
Token: SeRemoteShutdownPrivilege	3612	shutdown.exe
Token: SeDebugPrivilege	2212	defender.exe
Token: SeDebugPrivilege	1748	defender.exe
Token: SeDebugPrivilege	1540	defender.exe
Token: SeDebugPrivilege	1500	defender.exe
Token: SeShutdownPrivilege	1044	shutdown.exe
Token: SeRemoteShutdownPrivilege	1044	shutdown.exe
Token: SeDebugPrivilege	2628	defender.exe
Token: SeDebugPrivilege	600	defender.exe
Token: SeDebugPrivilege	1868	defender.exe
Token: SeDebugPrivilege	2804	defender.exe
Token: SeDebugPrivilege	1712	defender.exe
Token: SeDebugPrivilege	1620	defender.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2884	2028	defender.exe	28
PID 2028 wrote to memory of 2884	2028	defender.exe	28
PID 2028 wrote to memory of 2884	2028	defender.exe	28
PID 2028 wrote to memory of 2884	2028	defender.exe	28
PID 2028 wrote to memory of 2680	2028	defender.exe	31
PID 2028 wrote to memory of 2680	2028	defender.exe	31
PID 2028 wrote to memory of 2680	2028	defender.exe	31
PID 2028 wrote to memory of 2680	2028	defender.exe	31
PID 2028 wrote to memory of 2300	2028	defender.exe	33
PID 2028 wrote to memory of 2300	2028	defender.exe	33
PID 2028 wrote to memory of 2300	2028	defender.exe	33
PID 2028 wrote to memory of 2300	2028	defender.exe	33
PID 2028 wrote to memory of 1400	2028	defender.exe	34
PID 2028 wrote to memory of 1400	2028	defender.exe	34
PID 2028 wrote to memory of 1400	2028	defender.exe	34
PID 2028 wrote to memory of 1400	2028	defender.exe	34
PID 2028 wrote to memory of 2784	2028	defender.exe	35
PID 2028 wrote to memory of 2784	2028	defender.exe	35
PID 2028 wrote to memory of 2784	2028	defender.exe	35
PID 2028 wrote to memory of 2784	2028	defender.exe	35
PID 2028 wrote to memory of 2756	2028	defender.exe	36
PID 2028 wrote to memory of 2756	2028	defender.exe	36
PID 2028 wrote to memory of 2756	2028	defender.exe	36
PID 2028 wrote to memory of 2756	2028	defender.exe	36
PID 2028 wrote to memory of 2620	2028	defender.exe	39
PID 2028 wrote to memory of 2620	2028	defender.exe	39
PID 2028 wrote to memory of 2620	2028	defender.exe	39
PID 2028 wrote to memory of 2620	2028	defender.exe	39
PID 2028 wrote to memory of 2492	2028	defender.exe	40
PID 2028 wrote to memory of 2492	2028	defender.exe	40
PID 2028 wrote to memory of 2492	2028	defender.exe	40
PID 2028 wrote to memory of 2492	2028	defender.exe	40
PID 1400 wrote to memory of 2688	1400	defender.exe	41
PID 1400 wrote to memory of 2688	1400	defender.exe	41
PID 1400 wrote to memory of 2688	1400	defender.exe	41
PID 1400 wrote to memory of 2688	1400	defender.exe	41
PID 1400 wrote to memory of 2768	1400	defender.exe	43
PID 1400 wrote to memory of 2768	1400	defender.exe	43
PID 1400 wrote to memory of 2768	1400	defender.exe	43
PID 1400 wrote to memory of 2768	1400	defender.exe	43
PID 2620 wrote to memory of 2880	2620	defender.exe	94
PID 2620 wrote to memory of 2880	2620	defender.exe	94
PID 2620 wrote to memory of 2880	2620	defender.exe	94
PID 2620 wrote to memory of 2880	2620	defender.exe	94
PID 2492 wrote to memory of 2140	2492	defender.exe	46
PID 2492 wrote to memory of 2140	2492	defender.exe	46
PID 2492 wrote to memory of 2140	2492	defender.exe	46
PID 2492 wrote to memory of 2140	2492	defender.exe	46
PID 1400 wrote to memory of 1008	1400	defender.exe	48
PID 1400 wrote to memory of 1008	1400	defender.exe	48
PID 1400 wrote to memory of 1008	1400	defender.exe	48
PID 1400 wrote to memory of 1008	1400	defender.exe	48
PID 2620 wrote to memory of 2020	2620	defender.exe	49
PID 2620 wrote to memory of 2020	2620	defender.exe	49
PID 2620 wrote to memory of 2020	2620	defender.exe	49
PID 2620 wrote to memory of 2020	2620	defender.exe	49
PID 2028 wrote to memory of 1068	2028	defender.exe	50
PID 2028 wrote to memory of 1068	2028	defender.exe	50
PID 2028 wrote to memory of 1068	2028	defender.exe	50
PID 2028 wrote to memory of 1068	2028	defender.exe	50
PID 2768 wrote to memory of 1240	2768	defender.exe	51
PID 2768 wrote to memory of 1240	2768	defender.exe	51
PID 2768 wrote to memory of 1240	2768	defender.exe	51
PID 2768 wrote to memory of 1240	2768	defender.exe	51

System policy modification 1 TTPs 64 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	defender.exe

C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
"C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
1⤵
- UAC bypass
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
PID:2028
- C:\Windows\SysWOW64\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 30
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2884
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe" "C:\Users\Admin\defender.exe" & pause
  2⤵
  PID:2680
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:1400
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1240
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      Suspicious use of AdjustPrivilegeToken
      System policy modification
      PID:348
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Adds Run key to start application
        Suspicious use of AdjustPrivilegeToken
        
        PID:1540
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3112
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        System policy modification
        
        PID:4312
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        7⤵
        
        PID:6244
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        8⤵
        
        PID:7116
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:4996
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        7⤵
        
        PID:16552
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        8⤵
        
        PID:21660
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        UAC bypass
        Checks whether UAC is enabled
        System policy modification
        
        PID:8004
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:10612
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:12604
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:13932
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:5616
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:14796
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:21224
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:15856
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:20120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 20120 -s 88
        7⤵
        Program crash
        
        PID:18624
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:21428
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:22396
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Adds Run key to start application
        Checks whether UAC is enabled
        
        PID:872
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:4684
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        UAC bypass
        
        PID:6344
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        7⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:7836
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:11768
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:12100
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:18028
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        6⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:18660
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:17872
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:21168
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:15868
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Adds Run key to start application
        Checks whether UAC is enabled
        
        PID:4952
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:14768
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:21216
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:22016
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7880
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10480
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10856
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13076
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15596
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17096
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:21740
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18404
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19624
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19624 -s 92
        6⤵
        Program crash
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6152
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21284
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8924
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8076
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11596
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:15052
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20168
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20916
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22388
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1008
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1568
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Checks whether UAC is enabled
        
        PID:1060
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        
        PID:4624
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:19964
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        System policy modification
        
        PID:3352
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7852
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10460
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12332
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10904
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13212
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:14220
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14696
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15696
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17188
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18116
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19584 -s 640
        6⤵
        Program crash
        
        PID:21724
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19656
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16436
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21160
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20772
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20692
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1748
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        
        PID:4980
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:15472
        
        C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        7⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        
        PID:7780
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10328
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7688
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13544
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:19356
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13576
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17792
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21132
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20956
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      System policy modification
      PID:3812
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21268
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2140
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11972
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:17172
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:18796
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19504
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19504 -s 92
        5⤵
        Program crash
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13324
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19976
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19288
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20964
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22452
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:1236
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      Suspicious use of AdjustPrivilegeToken
      PID:1444
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Checks whether UAC is enabled
        System policy modification
        
        PID:2752
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:18036
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Adds Run key to start application
        
        PID:4936
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:15132
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        6⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Checks whether UAC is enabled
        System policy modification
        
        PID:7764
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9620
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10368
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13536
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13552
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14380
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14380 -s 684
        6⤵
        Program crash
        
        PID:20564
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13760 -s 712
        6⤵
        Program crash
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16672
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19180
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20368
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:3092
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Checks whether UAC is enabled
        System policy modification
        
        PID:4544
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7136
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:19172
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3748
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:20004
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Checks whether UAC is enabled
        
        PID:7800
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9560
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10400
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13636
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16680
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5632
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 92
        6⤵
        Program crash
        
        PID:20520
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      System policy modification
      PID:5180
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17160
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      System policy modification
      PID:8148
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10764
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12896
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:13764
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:1088
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:20620
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12908
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16484
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:22324
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17636
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19488
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19492
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - System policy modification
    PID:3696
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7228
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - System policy modification
    PID:7888
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10088
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10488
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12636
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10880
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13008
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:13980
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14364
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13776
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7036
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17068
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:22312
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18004
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19464
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe" "C:\Users\Admin\antivirusfalsepositivetest3.exe" & pause
  2⤵
  PID:2784
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe" "C:\Users\Admin\antivirusfalsepositivetest4.exe" & pause
  2⤵
  PID:2756
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - System policy modification
  PID:2620
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:2020
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:580
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      PID:1744
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3472
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5652
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7048
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7080
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10956
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13276
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:7588
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15896
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 15896 -s 600
        6⤵
        Program crash
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17336
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17336 -s 480
        6⤵
        Program crash
        
        PID:20348
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19828
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20264
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20808
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 20808 -s 104
        6⤵
        Program crash
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7684
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22296
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      System policy modification
      PID:3100
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Checks whether UAC is enabled
        System policy modification
        
        PID:8792
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:268
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11560
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:5908
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:17036
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11328
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20188
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14680
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21176
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      System policy modification
      PID:4164
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15120
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      PID:5004
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7740
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9580
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10360
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12388
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14152
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14152 -s 660
        5⤵
        Program crash
        
        PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14844
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20828
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22252
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:2320
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:848
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Checks whether UAC is enabled
      PID:2308
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11608
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12852
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:17016
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18636
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20180
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20036
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      System policy modification
      PID:2628
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        System policy modification
        
        PID:5068
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Checks whether UAC is enabled
        
        PID:7748
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10300
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:4652
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16852
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19592
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19600
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17264
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21108
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22428
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      PID:4360
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7088
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18388
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      System policy modification
      PID:5052
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6832
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14760
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14760 -s 668
        6⤵
        Program crash
        
        PID:20656
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13584
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Checks whether UAC is enabled
      System policy modification
      PID:7900
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9820
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10496
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10912
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:13016
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:14304
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14460
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14460 -s 712
        5⤵
        Program crash
        
        PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15460
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16876
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6224
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13740
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19712
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21140
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21276
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:2812
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1624
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        Adds Run key to start application
        System policy modification
        
        PID:3672
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:12732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12732 -s 528
        7⤵
        Program crash
        
        PID:19844
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        6⤵
        
        PID:18440
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:21700
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        System policy modification
        
        PID:4904
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:17428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17428 -s 504
        7⤵
        Program crash
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        System policy modification
        
        PID:7756
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9528
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10336
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7576
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14668
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15684
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:21592
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19576
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20360
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16660
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20712
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 20712 -s 104
        6⤵
        Program crash
        
        PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19744
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22348
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1868
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4252
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        System policy modification
        
        PID:5036
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:20012
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:7724
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9516
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10308
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13476
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:18012
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14720
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:14708
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15872
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5988
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      PID:3632
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14080
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:18688
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20116
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21876
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:700
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      System policy modification
      PID:4348
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14616
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14616 -s 576
        6⤵
        Program crash
        
        PID:19920
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      System policy modification
      PID:4892
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16752
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:21668
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7772
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9508
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10352
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5152
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13384
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14188
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15164
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18656
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20196
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19328
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21036
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19204
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:1500
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Checks whether UAC is enabled
      System policy modification
      PID:4380
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14588
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:20588
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22188
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      PID:3864
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13964
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:20996
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22472
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      PID:6948
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6308
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12116
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:18380
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:19564
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10604
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 92
        5⤵
        Program crash
        
        PID:20512
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20748
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20220
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22356
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    PID:2640
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12816
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7940
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10008
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10520
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12628
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10928
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13196
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:12776
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14856
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:15780
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17256
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18132
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19672
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6888
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14728
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14728 -s 564
      4⤵
      Program crash
      PID:22060
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14780
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21052
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11952
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2492
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:1772
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1440
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        Checks whether UAC is enabled
        
        PID:3032
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:6476
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:17436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17436 -s 480
        7⤵
        Program crash
        
        PID:20340
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        System policy modification
        
        PID:5060
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:4004
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:19980
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        
        PID:7868
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9972
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10440
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12316
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10920
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:4784
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14396
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:20888
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17480 -s 92
        6⤵
        Program crash
        
        PID:18888
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20084
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18716
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22404
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      PID:4640
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:19896
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      PID:4408
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16500
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 16500 -s 560
        6⤵
        Program crash
        
        PID:14036
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:21884
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:7932
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10528
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10888
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:13068
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:13344
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17120
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19608
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12000
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12000 -s 504
        5⤵
        Program crash
        
        PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20392
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18016
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20800
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 20800 -s 104
        5⤵
        Program crash
        
        PID:20300
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14008
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22284
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:2952
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Checks whether UAC is enabled
      System policy modification
      PID:776
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        System policy modification
        
        PID:6352
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9044
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:5896
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12108
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:18052
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18724
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21028
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:2200
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      Suspicious use of AdjustPrivilegeToken
      PID:1712
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4304
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        UAC bypass
        
        PID:5076
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        6⤵
        
        PID:19544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19544 -s 644
        7⤵
        Program crash
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        System policy modification
        
        PID:7844
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10472
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:12324
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10872
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:13096
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15020
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:15956
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:11684
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20208
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:13764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13764 -s 632
        6⤵
        Program crash
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 20184 -s 92
        6⤵
        Program crash
        
        PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20924
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22436
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5588
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      System policy modification
      PID:5848
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Checks whether UAC is enabled
      System policy modification
      PID:8816
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9676
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11588
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:15380
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17476
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18748
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:6196
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20876
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4472
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18600
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Checks whether UAC is enabled
    PID:5864
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:8932
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - System policy modification
    PID:9132
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11432
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11828
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:17388
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:17848
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16664
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20156
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19264
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13952
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20868
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12352
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6472
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:1068
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1044
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:2788
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      PID:3936
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14872
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:20612
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Adds Run key to start application
      System policy modification
      PID:3768
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:5504
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4632
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:16596
      - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        6⤵
        
        PID:22340
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
        5⤵
        
        PID:21972
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Checks whether UAC is enabled
      System policy modification
      PID:4432
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Checks whether UAC is enabled
      PID:5788
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      PID:8808
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:11148
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11580
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:15044
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:13672
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18092
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:21488
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18936
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19528
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21068
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22444
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Checks whether UAC is enabled
    PID:3120
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5492
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:5876
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:8252
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:9924
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      Checks whether UAC is enabled
      System policy modification
      PID:8840
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:9664
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12700
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13880
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5576
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7308
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5840
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7612
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8744
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11108
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11512
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:15280
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:15740
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17000
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17940
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19480
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13436
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14212
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13636
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21044
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14176
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9000
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of AdjustPrivilegeToken
  PID:1776
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:1852
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    PID:1620
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:3464
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      System policy modification
      PID:5092
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:6396
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:17200
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      System policy modification
      PID:7792
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10408
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13628
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12052
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:13660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14448
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19600
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19568
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20936
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:11392
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:22420
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of AdjustPrivilegeToken
    - System policy modification
    PID:600
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      UAC bypass
      Adds Run key to start application
      Checks whether UAC is enabled
      System policy modification
      PID:4944
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:3828
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:22112
    - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
        
        "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
        5⤵
        
        PID:21616
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:8040
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:10672
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12552
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 804
        5⤵
        Program crash
        
        PID:10628
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13924
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:19024
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14660
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:15664
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:21576
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:18412
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19680
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19748
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19540
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5424
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19860
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    PID:5776
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:4100
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14888
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 14888 -s 556
        5⤵
        Program crash
        
        PID:6952
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8752
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:11140
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11544
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13244
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:4092
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17148
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5140
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19552
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19604
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14868
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14644
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20844
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20736
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4184
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - System policy modification
  PID:1956
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3276
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10832
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13356
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14920
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:22084
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - Suspicious use of AdjustPrivilegeToken
  PID:2212
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3520
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - System policy modification
    PID:4928
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6840
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21420
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:8104
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:10232
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10780
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12948
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:13956
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12540
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5268
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17048
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17972
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19472
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 19472 -s 104
      4⤵
      Program crash
      PID:20240
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - Checks whether UAC is enabled
  PID:2572
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3784
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Checks whether UAC is enabled
    PID:7648
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9488
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:4760
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7656
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13376
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5684
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:2804
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4216
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - System policy modification
    PID:4912
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:16276
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:21684
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - System policy modification
    PID:8096
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:3272
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10756
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12836
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:13732
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14108
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14864
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16124
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16124 -s 760
      4⤵
      Program crash
      PID:6832
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:15444
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15444 -s 556
      4⤵
      Program crash
      PID:12964
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18528
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20140
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20032
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - System policy modification
  PID:3344
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4652
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - System policy modification
    PID:4476
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:19616
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 19616 -s 600
        5⤵
        Program crash
        
        PID:4612
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Checks whether UAC is enabled
    PID:7924
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9964
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10512
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12340
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10896
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13000
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:14180
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14372
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 14372 -s 556
      4⤵
      Program crash
      PID:20080
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17084
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:22524
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17992
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 92
      4⤵
      Program crash
      PID:13116
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18948
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 18948 -s 556
      4⤵
      Program crash
      PID:4744
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16432
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:9248
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20816
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 20816 -s 104
      4⤵
      Program crash
      PID:12504
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2280
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:3432
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:3292
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - System policy modification
    PID:1880
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5808
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:12876
    - - C:\Windows\SysWOW64\shutdown.exe
        
        "C:\Windows\System32\shutdown.exe" /r /t 30
        5⤵
        
        PID:12184
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:16972
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:13152
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21324
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - Adds Run key to start application
    - System policy modification
    PID:5084
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:5928
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:14096
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
      4⤵
      PID:21092
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:21788
  - - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
      "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
      4⤵
      PID:4284
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7728
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9644
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10344
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:1508
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:13588
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13596
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14312
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:14880
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:15188
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15188 -s 712
      4⤵
      Program crash
      PID:14160
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16304
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 16304 -s 684
      4⤵
      Program crash
      PID:5496
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:6964
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 552
      4⤵
      Program crash
      PID:10164
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18824
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20132
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17960
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14452
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21152
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17504
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21416
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Adds Run key to start application
  - Checks whether UAC is enabled
  PID:3568
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5044
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5636
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:17904
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18620
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21100
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12188
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  PID:3652
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4692
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    - Checks whether UAC is enabled
    PID:3968
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:7388
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    - UAC bypass
    PID:7860
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:9836
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10504
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:12460
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10936
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:13060
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:14088
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14688
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:15672
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:16936
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17308
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:18492
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20172
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:12440
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13640
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20836
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:17048
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:22244
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  PID:3736
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5904
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13692
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:4304
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20852
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 20852 -s 92
      4⤵
      Program crash
      PID:6668
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14004
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:11216
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - System policy modification
  PID:3836
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4972
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:5376
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:19972
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:15064
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19088
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:20904
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - System policy modification
  PID:808
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:6020
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13948
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:21276
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19844
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:2892
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Adds Run key to start application
  - System policy modification
  PID:3004
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5268
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:14896
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
    3⤵
    PID:16732
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:7136
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - System policy modification
  PID:4960
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:6576
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16604
  - - C:\Windows\SysWOW64\shutdown.exe
      "C:\Windows\System32\shutdown.exe" /r /t 30
      4⤵
      PID:21516
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  - System policy modification
  PID:1972
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:7404
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19952
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5368
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:7504
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:19944
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5660
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:7620
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:16564
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  PID:5796
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:8392
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  - System policy modification
  PID:6088
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:8572
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:21292
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  PID:2860
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:8940
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:10548
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:6360
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:9104
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:13888
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  PID:6784
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:5600
- - C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
    "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
    3⤵
    PID:22412
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  PID:7120
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:4012
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  PID:7212
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:9288
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  PID:7668
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:9448
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  - System policy modification
  PID:8064
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:10100
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  PID:8216
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:10248
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - UAC bypass
  - Checks whether UAC is enabled
  PID:8584
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:10864
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  - Checks whether UAC is enabled
  - System policy modification
  PID:8832
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:10620
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:9160
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:11464
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:8232
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:11624
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:6268
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:11860
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:9296
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:12040
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:9764
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:12228
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:5520
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:7324
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:10664
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:12664
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:11072
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:13400
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:3664
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:2516
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:11552
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:15288
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:11756
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:16520
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:12024
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:17884
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:12200
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:18896
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\usbwrite.exe" "C:\Users\Admin\usbwrite.exe" & pause
  2⤵
  PID:11004
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:11484
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:20260
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:12788
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 30
    3⤵
    PID:15060
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:13652
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:14712
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:15864
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:17356
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:16400
- C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe
  "C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\defender.exe"
  2⤵
  PID:19744

C:\Windows\system32\conhost.exe
\??\C:\Windows\system32\conhost.exe "-5648248952119669139-1810656806-161706561612351994191693395759-730789806-108244312"
1⤵
PID:1852

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:4240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest3.exe

Filesize
17KB

MD5
05a9d377f26e6c48b167f64fd802899b

SHA1
90dc58c88d853ea53fcd54410f0cc7c5fd393f05

SHA256
47c889dd63190f07f54b7f3db663a1fb54c1fa981caab5b627885ac92b156337

SHA512
aa728441651b381442f09b7188349f926aec5f5ce57226d620aec7210ec19ba32ad52cf9a75cf71180041b5ee87b0245ad5534e4e738a4d174a1fc5f2a04afb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\AntivirusDefender-main\AntivirusDefender\AntivirusDefender\bin\Debug\antivirusfalsepositivetest4.exe

Filesize
10.1MB

MD5
97f44c7df82adc19ce025cfc8958245c

SHA1
699fb553ea85db7c6c5fc5118ab7a1a0c3b19602

SHA256
0fc9a98ed6bad1f94e0357b6bb833b4eca20bea119abc0cdfa3bb4caeeddcda1

SHA512
e2da423ba4eee8f4e836f5eeed82bfe9cf482a911200f805dcdff20d41901c73b40faf187c66ef2e32f9ec8f6d565c43f38229c026285dd0411d4c1c8c22c27e

Download Submit
memory/1096-33-0x0000000074AD0000-0x0000000074B1A000-memory.dmp

Filesize
296KB

Download
memory/1096-32-0x0000000074C40000-0x0000000074C48000-memory.dmp

Filesize
32KB

Download
memory/2028-18-0x0000000074360000-0x0000000074A4E000-memory.dmp

Filesize
6.9MB

Download
memory/2028-2-0x0000000005790000-0x00000000057D0000-memory.dmp

Filesize
256KB

Download
memory/2028-19-0x0000000005790000-0x00000000057D0000-memory.dmp

Filesize
256KB

Download
memory/2028-0-0x0000000074360000-0x0000000074A4E000-memory.dmp

Filesize
6.9MB

Download
memory/2028-1-0x00000000001F0000-0x0000000000C86000-memory.dmp

Filesize
10.6MB

Download
memory/2192-39-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/2300-9-0x0000000000240000-0x000000000024A000-memory.dmp

Filesize
40KB

Download
memory/2784-40-0x000000004A740000-0x000000004A78C000-memory.dmp

Filesize
304KB

Download
memory/3768-22-0x0000000074B20000-0x0000000074B7C000-memory.dmp

Filesize
368KB

Download
memory/12124-42-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/13492-30-0x0000000075AC0000-0x0000000075AD9000-memory.dmp

Filesize
100KB

Download
memory/14656-31-0x0000000075AC0000-0x0000000075AD9000-memory.dmp

Filesize
100KB

Download
memory/14920-43-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/16260-38-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/16372-44-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/20164-35-0x0000000074C40000-0x0000000074C48000-memory.dmp

Filesize
32KB

Download
memory/20164-36-0x0000000074AD0000-0x0000000074B1A000-memory.dmp

Filesize
296KB

Download
memory/20164-37-0x00000000752E0000-0x000000007538C000-memory.dmp

Filesize
688KB

Download
memory/21276-27-0x0000000077160000-0x0000000077309000-memory.dmp

Filesize
1.7MB

Download
memory/21884-23-0x000000004A740000-0x000000004A78C000-memory.dmp

Filesize
304KB

Download
memory/23156-28-0x0000000075AC0000-0x0000000075AD9000-memory.dmp

Filesize
100KB

Download