hfiref0x

You mean simple check if there any AV installed or detect what exactly installed? IMO it useless as it will be _always_ at least 1 installed on Windows 10 (WD).

@recvfrom If you can provide comprehensive list of these artifacts per each AV this can be done.

@lurumdare It is the the same as GetTickCount and already used in this project as generic detect if time was accelerated. The other usage can be like in Upatre trojan...

Out of curiosity, what you want to do? Do you writing a client, that is connecting to the ftp server?

Hello, yes it leaks resource, because shellcode which steal system token doesn't dereference EPROCESS objects with ObDereferenceObject. This is _exactly_ how it implemented in Sednit from APT28. The goal of...

This project is not maintained since 08.2020. Last VBox version it was checked against was 6.1.2-6.

Shit happens. Switch to another provider.

Run kdu -diag and post results here

> when using DSE 0 i got cl critical structure corruption bsod 20h2 OS Build 19042.804 Sure why not. It is expected Windows reaction. What is your question here?

You have corrupted critical Windows structure that is under PatchGuard supervision with a random time of check. Of course it can and will BSOD sometime.