Pre-made Windows 10 Scambaiting Virtual Machine (discontinued)

NeeP · 23 February 2021 20:37

[size=5][color=#c90000]This project has been discontinued, see my Windows 11 VM here: https://scammer.info/t/pre-made-windows-11-scambaiting-virtual-machine/81996[/color][/size]

If you don’t want to go through all the hassle of disguising a virtual machine and getting it ready, then look no further. In this post, I present my pre-made scambaiting virtual machine and their required software:

I created this virtual machine for VMware so it works best with VMware products, e.g. VMware Player (free) or Workstation Pro (paid) to run. I converted it to VirtualBox as well which should work, just I don't know if it's fully disguised. Download the .7z file depending on which version you want. To unpack this archive, you'll need 7-Zip (download link below). Open VMware and click on 'Open' and select the .vmx file. I set RAM to 4 GB, depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don't assign more than 50% of your physical resources to the VM. The default user is *Ben*, password is *root*. This virtual machine has BestX Keylogger installed to see what the scammer is typing. To see the interface, open the Run box with ⊞ Win + R, then type unhide. If that doesn't work you need to re-install BestX Keylogger (https://bestxsoftware.com/). Also, I included a fake popup if you need one. It's located on the desktop as 'Micerosoft' link. You can edit the number in the HTML.

Troubleshooting:

The features supported by the processors in this machine are different from the features supported by the processors in the machine on which the virtual machine state was saved.
An error occurred while restoring the CPU state from file “C:\Users\person\Documents\VMs</s>\vmware\Neep Win10\Win10 Scambaiting by NeePWin10 Scambaiting by NeeP-Snapshot4.vmsn”
An error caused the restore operation to fail. Cancel the restore operation and correct the error, or discard the snapshot’s state and power off. The saved snapshot will not be affected.

If you receive this message, you most likely have an Intel CPU and since I'm using an AMD CPU, the saved snapshot won't resume as the CPU doesn't get virtualized properly. This is no big deal. Just discard the snapshot's state and reboot. Don't forget to take a snapshot of the VM once you are ready.

Download:
Download 7-Zip: https://www.7-zip.org/a/7z1900-x64.exe
Download VMware Player (free): https://my.vmware.com/en/web/vmware/downloads/details?downloadGroup=PLAYER-1610&productId=1039&rPId=55793

Credits to all those whose tools/tutorials were used to make it stealthy:

Basic VM provided by Micrsoft at Microsoft Edge Developer website - Microsoft Edge Developer
Jim Browning [Tutorial] How to make a stealthy Virtual Machine: [Tutorial] How to make a stealthy Virtual Machine - YouTube
Lost Key who created an easy-to-use batch script: Make Your Virtual Machine Stealthy (VMWare + VBox) (Batch) - Pastebin.com
UFO Pilot’s fake msinfo32: Loading...
Firefox Browser History generator: https://trackthis.link
Cyberror Scambaiting Guide: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/

zelium · 23 February 2021 21:46

awesome! works like a charm

NeeP · 1 March 2021 16:59

@zelium#179491 thank you!

---

I also added a more detailed description to the original post about the installed programs on the virtual machine.

dcol5338 · 7 March 2021 05:07

Hi, I am sorry if this is me being stupid but when I boot the virtual machine, it cannot connect to the internet. I have tried everything and it wont work. I was wondering if this is something because of how you made the VM or what?

Any help would be appreciated.

<3

NeeP · 7 March 2021 08:03

@dcol5338#181429 what’s the error message that is showing? I think that shouldn’t be the case. Should be possible to fix.

dcol5338 · 8 March 2021 02:11

@NeeP#181436 There isnt an error message per se. It just says that it is a wired connection but it is unable to connect to the internet. I have tried the netsh int ip reset and winsock, but nothing seems to work. I have messed with all the settings for VM network connectivity and everything.

<3

NeeP · 23 March 2021 20:07

@dcol5338#181488 I have no clue what the issue might be as it’s working for me and for others. Maybe change the network setting from NAT to Bridged and reboot the VM to see if it works. Also, does it happen with the VirtualBox or VMware version?

Edit: Another user had the same issue using VMware Player. Going to VMware Workstation Pro fixed the issue instantly without any other changes.

----

I updated the initial post with an update regarding the keylogger. If typing "unhide" in run box doesn't show the keylogger panel you need to re-install BestX Keylogger (https://bestxsoftware.com).

PikaPikaGamer · 21 April 2021 10:08

Trying to use this in VirtuaBox and I did everything correct, but it says Fatal: INT18: Boot Failure.

dillpickle778 · 22 April 2021 12:12

@PikaPikaGamer#188760 did you turn on hyper virtualization in the bios of your computer? (at least I think that ya need that on)

PikaPikaGamer · 23 April 2021 17:19

@dillpickle778#189014 Yeah I fixed it, but this virtual machine still says VirtualBox everywhere, so it didn’t really work.

NoScamForYou · 23 April 2021 18:09

is it possible to get this set up with Hyper-V?

Jameel · 26 April 2021 22:13

@NeeP#179456 Thanks so much, my stupid vm was having issues with admin and sys32.

Dexter · 15 May 2021 17:50

@NeeP this link not working anymore

Cyberror Scambaiting Guide: https://cyberror.com/how-to/scambaiting-guide

NeeP · 19 May 2021 09:30

@Dexter#193321

That's true. Luckily, it has been archived in the WaybackMachine, it's still available there: https://web.archive.org/web/20210214220701/https://cyberror.com/how-to/scambaiting-guide/

BattyBoy · 14 July 2021 17:02

How do i decrypt it

NeeP · 14 July 2021 17:33

wdym by decrypt? Nothing to decrypt there

BattyBoy · 15 July 2021 23:44

I got it… Something was happening to the one url… But we’re in the clear… The Scammers are

Cheer’s Neep

You and ScammerBlaster are my heroes

JimBond007 · 16 July 2021 02:17

Awesome @NeeP
VMWare fusion player for mac is free for personal use.
Just now installed VmWare Fusion player for mac, unzipped the zip file using Keka for mac.

Actually when I gave scammers, access to my existing VM, they got doubt with the windows not registered but still tried to scam me. Also my existing my vm on virtual box was not that perfect…

Thank you so much, this saved lot of time…

Also the only thing missing is a fake “bank of america”/ “chase” inside this VM.
Few days ago, when I opened a chase demo, that scammer got so excited. He didn’t even realize that it’s a demo website.

Found a work-around for the bank website…
Opened the chase demo bank website in chrome browser,
Using the inspect element(which scammers usually do),
I removed the text “THIS IS A DEMO WEBSITE ONLY”
and replaced it with
“Trusted Certificate Issued by JP Morgan Chase & Co.”

t8keover · 3 September 2021 12:55

Is it just me or is the 7z file missing. Could someone give me a link?

notgerg · 11 September 2021 00:19

wheres the link?