By the way if you're going to use a windows box forget using standard AV tools. Microsoft's Defender is useless, as is most of the normal AV tools. A bit of recompiling and a little salt and an executable with a full reverse command shell can be installed in no time.

Get a real EDR and AETD tool like SentinelOne, or Crowdstrike. They can usually spot fileless tricks in about 6-10 seconds, giving the attacker a pretty limited window to get a persistent session going. Granted they could loop but your system should scream about thousands of attacks being killed a minute, if you're not monitoring your system you're fucked.

Better option: 10 year old burner PC. Best option Kali type burner OS.