Pre-made Windows 11 Scambaiting Virtual Machine

This virtual machine is based on Windows 11 Insider Preview. I created this virtual machine for VMware so it works best with VMware products, e.g. VMware Player (free) or Workstation Pro (paid) to run. Download the .7z file. To unpack this archive, you’ll need 7-Zip (download link below). Open VMware and click on ‘Open’ and select the .vmx file. I set RAM to 4 GB, depending on how much physical RAM you have installed, change it up to 8 GB for better performance. Don’t assign more than 50% of your physical resources to the VM. The default user is Joe , the password is 0808 . Also, I included a fake popup if you need one. It’s located on the desktop as ‘Micerosoft’ link. You can edit the number in the HTML.

If you’re using VMware Player (the free one), then you might need to follow this guide to enable TPM 2.0 if the VM doesn’t work right out of the box: How to enable TPM 2.0 support in VMware Workstation Player for free - gHacks Tech News

Screenshot:

:one::arrow_right: Download 7-Zip: 7-zip.org
:two::arrow_right: Download VMware Player (free): vmware.com
OR
:two::arrow_right: Download VMware Workstation (paid): vmware.com
:three::arrow_right: Download the VM: 9.72 GB file on MEGA
OR
:three::arrow_right: Download the VM as torrent: magnet:?xt=urn:btih:328EC6986163FB573FC36DFC09CE058A86FE6DB4&dn=Win11%20Scambaiting%20by%20NeeP.7z&tr=udp%3a%2f%2ftracker.opentrackr.org%3a1337%2fannounce

Versions:

Version 1.0 (2021-10-11)

initial release

Version 1.1 (2021-10-12)
  • fixed the Task Manager saying “Virtual Machine: yes”
  • fixed Installed Programs showing VMware Tools

Credits to all those whose tools/tutorials were used to make it stealthy:

PS: If you’re looking for a Windows 10 VM, look over here: Pre-made Windows 10 Scambaiting Virtual Machine (New 2022)

13 Likes

Task manager says virtual machine: yes

Fake msconfig, msinfo32, systeminfo.exe, bcdedit.exe, dxdiag.exe and more:

http://www.helpme2000.com/support/scambait/scambait.html

–Ray

2 Likes

updated 2021-10-12:

  • fixed the Task Manager saying “Virtual Machine: yes”
  • fixed Installed Programs showing VMware Tools

new version available for download in the initial post.

1 Like

So cool. Thanks so much!

1 Like

Thank you NeeP. I found this VM from the TLS Discord and this looks very convenient and helps make sure people don’t miss a step when configuring a VM.

Does this VM also have a keylogger built in like the W10 machine did?

Cheers.

2 Likes

This vm does not contain a keylogger as it turned out to cause problems / didn’t work somehow when it came like that with the vm. People complained and the solution was the keylogger had to be re-installed for it to work. So that’s why it makes most sense to install that on your own if you need it. I used bestxkeylogger however there are other ones as well.

Cheers!

2 Likes

Thanks! I assume you still need TPM 2.0 to run a windows 11 vm? Or am i wrong about that?

@dillpickle778 I’m not sure. I’ve read that it’s required but then recently I saw in the news that they dropped the requirement. But I can’t say how that affects virtualization and if VMware emulates TPM 2.0 for it to run correctly even if your host PC doesn’t support it. That being said, I think most if not all PCs these days have TPM 2.0 anyway: I read in an article that AMD and Intel mainboards and CPUs support TPM 2.0 since 2015. So any newer PC should be able to run it. Older PCs will probably struggle anyway with running a VM.

Will the Windows 10 VM be made available again? I’ve gone through troubleshooting to attempt to make this one work, but there’s something different between this build and whatever the leaked build was. It won’t even attempt to boot without TPM and secure boot enabled. However, it just constantly boot loops. It fails booting, restarts, repairs boot, restarts, crashes, etc.

ETA: Using the latest version of VMWare Workstation that’s available (16.2).

1 Like

Okay so it’s not just me then.

1 Like

@S.Martin2000 @ScambaitReapy Does your PC support TPM 2.0? If you are not sure, please check this guide: How to check if your PC has a trusted platform module (TPM) | Windows Central

I’m running on a AMD B550 motherboard and a Ryzen 5000 series CPU, so quite recent but it should run on hardware that’s 4 years old and newer for sure.

2 Likes

My CPU should support it, but I do not have TPM enabled because I do not want Microsoft to surprise replace W10 with W11 one day and cause problems.

If you’re using VMware Player (the free one), then you might need to follow this guide to enable TPM 2.0 if the VM doesn’t work right out of the box: How to enable TPM 2.0 support in VMware Workstation Player for free - gHacks Tech News

1 Like

Welcome!!

Thank you so much i am downloading this now

1 Like

Today VMware has Black Friday sales, Workstation 16 without support costs one time $140. Black Friday 2021 Savings Event | VMware

There is some VM detection script but mine doesn’t get detected haha:

Tool can be downloaded at: GitHub - Back-X/anti-vm: Detect virtual machine environment

1 Like

Sorry for the late reply. I am a student that was able to purchase a full VMWare Workstation license, so this is what I use. I attempted to force VMWare to use the TPM module as mentioned in my original post. But I am not enabling the TPM chip on my workstation for various reasons, mainly being that Windows 11 is not a ready product and removes features present in Windows 10.

If the Windows 10 VM is not available anymore, I’ll just create my own. It seems flawed to remove the download for W10 VM when there is an entire group of users that will purposely keep their TPM chip disabled to prevent unpleasant surprises from Microsoft.

There is a bug that allows hackers to escape the virtual machine using the virtual CD-ROM drive. While it’s very unlikely that scammers know how to exploit it, I still recommend doing the following steps:

  • Update your VMware Workstation / Player by going to Help → Software Updates and then click the “Check for Updates” button
  • Fully shutdown the VM and remove the CD-ROM drive by doing these steps:

More info: VMSA-2022-0001 & VMSA-2022-0001 CD-ROM vulnerability patch workaround and Locked CD-ROM error - Virtualization Howto

2 Likes

Continuing the discussion from Pre-made Windows 11 Scambaiting Virtual Machine:

This won’t work with VMware workstation 15Pro? Am I doing something wrong?