If I was going to attempt this with a VM, maybe I would try to perform a checksum on every file first then recheck everything after an hour (from a powered down state) and look for changes. I would be concerned that any malware would simply be a downloader for something which is undetectable to AV.
Probably the wrong place to ask, but this seems like such a fun experiment to try but maybe more difficult than I initially thought.
Probably the wrong place to ask, but this seems like such a fun experiment to try but maybe more difficult than I initially thought.