I’ve downloaded a Win 10 VM.
I installed a bunch of software from Ninite, just a bunch of random shit.
You want to convince your scammer that you’ve been using this computer for a while.
Then I downloaded an application called Macro Express. This program will close certain windows that I don’t want the scammer to have access to.
I will then tell them that I have a virus that is disallowing me from opening said windows.
The windows I’ve locked down are:
CMD - Command Prompt
Run
System Information
Do you have any other ideas to further better this little honey pot?
To hide VM in Apps and Features:
Open regedit.
Go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > Windows > CurrentVersion > Uninstall
Each folder is linked to a programme. In the folders, see “DateInstalled” and change it; if not, create the key and type the date.
Also: delete the VMTools programme. Click on the corresponding folder and delete it all. The programme won't appear in the list afterwards.
To hide VM in dxdiag/display:
Open regedit.
Go to HKEY_LOCAL_MACHINE > SYSTEM > ControlSet001 > Control > Class > "display adapters" > 0000
and change the names.
In dxdiag/basic:
Shut down your VM.
Go to your VM .vmx file, edit it with Notepad.
At the end of the file type smbios.reflecthost = "TRUE"
Leave a space.
Don't forget to hide the VM in tskmgr. For Windows 10 you have to get rid of "Virtual machines: Yes", which isn't the case in Windows 7.
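
A read-only audit of the places listed above (Uninstall entries, the display adapter key, SMBIOS strings and the hypervisor flag), as an added example that is not part of the original posts; run it inside the guest to see what still identifies the honeypot as a VM. The vendor pattern is an assumed list, the function name is hypothetical, and `HypervisorPresent` is used here as a proxy for the Task Manager line.

```powershell
# Read-only audit: lists what in this Windows guest still reveals virtualization.
# Assumed vendor strings; extend the pattern for your hypervisor.
$pattern = 'VMware|VirtualBox|Oracle VM|QEMU|Hyper-V|Virtual Machine|Parallels'

# Hypothetical helper: report registry keys whose named values match $pattern.
function Find-RegistryIndicator {
    param([string]$Source, [string[]]$Path, [string[]]$Field)
    Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $item = $_
        $text = ($Field | ForEach-Object { $item.$_ }) -join ' '
        if ($text -match $pattern) {
            [pscustomobject]@{ Source = $Source; Value = $text.Trim()
                               Location = $item.PSPath -replace '^.*::' }
        }
    }
}

$findings = @()

# Apps and Features is built from these keys (WOW6432Node holds 32-bit programs).
$findings += Find-RegistryIndicator -Source 'Apps and Features' -Field DisplayName, Publisher -Path @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*')

# Display adapter class key; numbered subkeys (0000, 0001, ...) are the adapters.
# CurrentControlSet is the live control set (the post edits ControlSet001).
$findings += Find-RegistryIndicator -Source 'Display adapter' -Field DriverDesc, ProviderName -Path `
    'HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0*'

# SMBIOS strings shown by dxdiag and System Information.
$cs   = Get-CimInstance Win32_ComputerSystem
$bios = Get-CimInstance Win32_BIOS
$facts = [ordered]@{
    'System manufacturer' = $cs.Manufacturer
    'System model'        = $cs.Model
    'BIOS'                = "$($bios.Manufacturer) $($bios.SMBIOSBIOSVersion)"
    'BIOS serial'         = $bios.SerialNumber
}
foreach ($name in $facts.Keys) {
    if ($facts[$name] -match $pattern) {
        $findings += [pscustomobject]@{ Source = 'SMBIOS'; Value = "$name = $($facts[$name])"; Location = 'WMI' }
    }
}

# Assumption: the hypervisor flag stands in for what Task Manager reports.
if ($cs.HypervisorPresent) {
    $findings += [pscustomobject]@{ Source = 'Hypervisor flag'; Value = 'HypervisorPresent = True'; Location = 'WMI' }
}

if ($findings.Count -eq 0) { 'No virtualization indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```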