chushpan
Professional
- Messages
- 937
- Reaction score
- 731
- Points
- 93
Metamask
1) Download the extension
2) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"
3) Replace with files from the log
4) Go to the browser and check the extension (Select the password from brute.txt) Balance check of the updated version of the MetaMask extension with an empty .log file
1) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn", delete the files in it and move the files from the log
We move files to the folder
2) Open Chrome, launch the MetaMask extension - enter a random password several times and close Chrome.
Enter a random password several times and close Chrome
3) Go back to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn", open the updated .log file and look for lastSelected in it - we see the victim's wallet address.
Updated .log file
Find the address.
Coinbase
1) Download the extension2) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
3) Replace the files with those in the Wallets/Coinbase log folder
4) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb"
5) Replace the files with those in the Chrome/BrowserDB log folder
BrowserDB folder
6) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\IndexedDB" and delete all files.
7) Go to the browser and check the extension (Select the password from brute.txt)
Coinbase Balance Check Extension
1) Go to the extension and click "Inspect"
Click on Inspect
2) Next, select the Application tab and go to Local storage - here we can see the victim's wallet address.
Find the victim's wallet address.
Exodus
1) Download the application
2) Go to the folder "AppData\Roaming\Exodus\exodus.wallet"
3) Replace with files from the log
4) Log in to Exodus. (If there was no "passphrase" file in the log, you will need to select a password)
BinanceChain
1) Download the extension
2) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp"
3) Replace with files from the log
4) Go to the browser and check the extension (Select the password from brute.txt)
TronLink
1) Download the extension
2) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec"
3) Replace with files from the log
4) Go to the browser and check the extension (Select the password from brute.txt)
Ronin Wallet
1) Download the extension
2) Go to the folder "AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec"
3) Replace with files from the log
4) Go to the browser and check the extension (Select the password from brute.txt)
Electrum
1) Download the application
2) Go in and select a file from the log (Select the password from brute.txt)
Atomic
1) Download the application
2) Go to the folder "AppData\Roaming\atomic"
3) Replace with files from the log (Select the password from brute.txt)
Jaxx Liberty
1) Download the application
2) Go to the folder "AppData\Local\JxBrowser\browsercore-69.0.3497.12.6.23.1\data" or AppData\Roaming\com.liberty.jaxx
3) Replace with files from the log
4) Go to Jaxx
Metamask Mozilla
1) Download the extension
2) Go to the folder "C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5k387tqu.default-release\storage\default", the profile name is different for EVERYONE. Here we find the folder with the MetaMask extension.
Folder with extension, go to it.
Let's go to idb.
Go to the folder with the extension.
Copy the name of this file.
Rename the file in the log folder and replace it in the previous one.
3) Replace the renamed file of the wallet folder (Select the password from brute.txt)
