Merge pull request #5 from EvilBytecode/main

Update (TRIAGE DETECTION)

AntiCrack-DotNet/AntiVirtualization.cs

@@ -282,6 +282,22 @@ public static bool CheckForParallels()
             return false;
         }
 
+        public static bool TriageCheck()
+        {
+            using (var searcher = new ManagementObjectSearcher("SELECT * FROM Win32_DiskDrive"))
+            {
+                foreach (var item in searcher.Get())
+                {
+                    string model = item["Model"].ToString();
+                    if (model.Contains("DADY HARDDISK") || model.Contains("QEMU HARDDISK"))
+                    {
+                        return true;
+                    }
+                }
+            }
+            return false;
+        }
+
         public static bool CheckForQemu()
         {
             string[] BadDriversList = { "qemu-ga", "qemuwmi" };

AntiCrack-DotNet/Program.cs

@@ -104,6 +104,7 @@ private static void ExecuteAntiDebuggingTricks()
         private static void ExecuteAntiVirtualizationTricks()
         {
             ConsoleConfig.DisplayHeader("Executing Anti Virtualization Tricks");
+            ConsoleConfig.DisplayResult("Checking For Triage: ", AntiVirtualization.TriageCheck(), "Checks if Triage is present through disk.");
             ConsoleConfig.DisplayResult("Checking For Sandboxie Module in Current Process: ", AntiVirtualization.IsSandboxiePresent(), "Checks if Sandboxie is present.");
             ConsoleConfig.DisplayResult("Checking For Comodo Sandbox Module in Current Process: ", AntiVirtualization.IsComodoSandboxPresent(), "Checks if Comodo Sandbox is present.");
             ConsoleConfig.DisplayResult("Checking For Cuckoo Sandbox Module in Current Process: ", AntiVirtualization.IsCuckooSandboxPresent(), "Checks if Cuckoo Sandbox is present.");