
Input on payload idea? Search for traces of crypto wallets.


jimcola99


Once I sold my Grandma's old purses at a yard sale.  This lady came up and started going through the pockets and found some change and gave it back to me.

Anyways, when you buy an old computer, or somebody dies and you get an old computer, why not search for traces of crypto wallets?

Here is some PowerShell that searches your profile for certain keywords and prints out your Chrome extensions. It drops the results in a file called report.txt on your desktop.

Here is the PowerShell I've got so far. Thoughts, improvements? Maybe search for filenames too, and figure out how to search strings in Word and Excel documents. This only searches text documents.

Maybe grab the Chrome saved passwords as well? Search for MultiBit or Electrum installed on the PC?

# Start the report (overwrites any earlier report.txt on the desktop)
$report = "$env:USERPROFILE\Desktop\report.txt"
Write-Output "Crypto Search" | Out-File -FilePath $report

# Search every file under the profile for each keyword
$searchstrings = @("password", "bitcoin", "mnemonic", "private key", "coinbase", "monero", "multibit", "electrum")
foreach ($searchstring in $searchstrings) {
    Get-ChildItem -Path $env:USERPROFILE\*.* -Recurse -Exclude report.txt -ErrorAction SilentlyContinue |
        Select-String -Pattern $searchstring -ErrorAction SilentlyContinue |
        Out-File -Append -FilePath $report
}

# List the name and version of each Chrome extension in the Default profile
$targetdir = "$env:LOCALAPPDATA\Google\Chrome\User Data\Default\Extensions"
Write-Output "chrome extensions" | Out-File -Append -FilePath $report
$extensions = Get-ChildItem $targetdir -Directory -ErrorAction SilentlyContinue
foreach ($ext in $extensions) {
    # Each extension ID folder holds one subfolder per installed version
    foreach ($folder in (Get-ChildItem $ext.FullName -Directory)) {
        # Read the manifest by full path instead of changing the working directory,
        # so later folders are not resolved relative to the previous one
        $manifest = Join-Path $folder.FullName "manifest.json"
        if (-not (Test-Path $manifest)) { continue }
        $json = Get-Content $manifest -Raw | ConvertFrom-Json
        $obj = New-Object System.Object
        $obj | Add-Member -MemberType NoteProperty -Name Name -Value $json.name
        $obj | Add-Member -MemberType NoteProperty -Name Version -Value $json.version
        Write-Output $obj | Out-File -Append -FilePath $report
    }
}

 


Archived

This topic is now archived and is closed to further replies.
