If you find the wallet folder in your logs and MetaMask in it. Then this article is for you.
Let's start with the fact that Metamask is a browser add-on, and from the screenshot we see that there are two wallets in the logs.
Open a folder of your choice
We are only interested in a text document, open it (in the lost folder there are also logs for old wallets, you can check them too.)
Press Ctrl + F and in the search we write Vault
This is the private vault data from the wallet, copy and paste it into a blank text document.
We remove the \ symbol in our Vault, use CTRL + H for this and replace it.
Change everything and get the resulting output.
Now we will restore the mnemonic phrase to enter the wallet. We go to https://metamask.github.io/vault-decryptor/ and place our vault.
All you have to do is enter the password of the wallet (passwords are in the password file), you need to choose the password from your logs. If the password is correct, we get this.
Once you get the 12 Digit Seed Key, you know what to do.
I also recommend you to check the wallet address on the website https://zapper.fi/ for other coins and NFTs.
Stay well.
Sir, what can be done with the seed key? It is obvious that it is a secret thing, but can you explain how to use it?
You can access all the victim's crypto assets by logging in through cold wallets such as Metamask and Trustwallet.
The stealers you use must be capturing the passwords. You will use them to find the 12 digits in the man's passwords. When you print out the 12 digits, delete the man's wallet cookies, the metamask cookies you have, install the man's cookies, then open Google, click on the add-on and enter the password, you will directly log in to the man's account.
First, download the metamask plugin to the Chrome application, then copy the content of any metamask file in the logs.
C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Go to this link and paste the items you copied here, then go to Chrome, open the metamask extension, you can try your password one by one from the password section in the metamask log you copied and access your metamask wallet.
Open the notepad in the metamask log file, press ctrl+f, search for cachebalance, copy the address on the right side, go to etherscan.io or bscscan.com and paste it, check if there is a balance and if you can find a pass, the wallet is yours.
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Delete the files here and add the files in your rat log.
You can log in with the possible passwords in the Password.txt file.
This method is valid for other wallets.
1-First of all, you will add the Metamask extension from Chrome.
2-Then you will go into the metamask file dropped from the stealer and copy them all.
3- -C:\Users\YourUserName\AppData\Local\Google\Chr ome\User Data\Default\Local Extension Settings\, go to this extension, find the metamask folder, delete the contents and copy the contents from the metamask log here.
4- Then you will open Chrome again and enter MetaMaska from extensions and it will ask for a password. If you find that password in the log (you can try the ones in the passwords list) you can log in.
Let's start with the fact that Metamask is a browser add-on, and from the screenshot we see that there are two wallets in the logs.
Open a folder of your choice
We are only interested in a text document, open it (in the lost folder there are also logs for old wallets, you can check them too.)
Press Ctrl + F and in the search we write Vault
This is the private vault data from the wallet, copy and paste it into a blank text document.
We remove the \ symbol in our Vault, use CTRL + H for this and replace it.
Change everything and get the resulting output.
Now we will restore the mnemonic phrase to enter the wallet. We go to https://metamask.github.io/vault-decryptor/ and place our vault.
All you have to do is enter the password of the wallet (passwords are in the password file), you need to choose the password from your logs. If the password is correct, we get this.
Once you get the 12 Digit Seed Key, you know what to do.
I also recommend you to check the wallet address on the website https://zapper.fi/ for other coins and NFTs.
Stay well.
Sir, what can be done with the seed key? It is obvious that it is a secret thing, but can you explain how to use it?
You can access all the victim's crypto assets by logging in through cold wallets such as Metamask and Trustwallet.
The stealers you use must be capturing the passwords. You will use them to find the 12 digits in the man's passwords. When you print out the 12 digits, delete the man's wallet cookies, the metamask cookies you have, install the man's cookies, then open Google, click on the add-on and enter the password, you will directly log in to the man's account.
First, download the metamask plugin to the Chrome application, then copy the content of any metamask file in the logs.
C:\Users\...\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Go to this link and paste the items you copied here, then go to Chrome, open the metamask extension, you can try your password one by one from the password section in the metamask log you copied and access your metamask wallet.
Open the notepad in the metamask log file, press ctrl+f, search for cachebalance, copy the address on the right side, go to etherscan.io or bscscan.com and paste it, check if there is a balance and if you can find a pass, the wallet is yours.
C:\Users\pc\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Delete the files here and add the files in your rat log.
You can log in with the possible passwords in the Password.txt file.
This method is valid for other wallets.
1-First of all, you will add the Metamask extension from Chrome.
2-Then you will go into the metamask file dropped from the stealer and copy them all.
3- -C:\Users\YourUserName\AppData\Local\Google\Chr ome\User Data\Default\Local Extension Settings\, go to this extension, find the metamask folder, delete the contents and copy the contents from the metamask log here.
4- Then you will open Chrome again and enter MetaMaska from extensions and it will ask for a password. If you find that password in the log (you can try the ones in the passwords list) you can log in.
