Browser Directories
- IceDragon: %APPDATA%\Comodo\IceDragon\Profiles\<PROFILE>\
- K-Meleon: %APPDATA%\K-Meleon\Profiles\<PROFILE>\
- Mozilla Firefox: %APPDATA%\Mozilla\Firefox\Profiles\<PROFILE>\
- Pale Moon: %LOCALAPPDATA%\Moonchild Productions\Pale Moon\Profiles\<PROFILE>\
Target Files
InfoStealers target the following files in the profile directory of each browser:
- Cert9: cert9.db
- Key4: key4.db
- Credentials: logins.json
- Cookies: cookies.sqlite
- History: places.sqlite
- Form History: formhistory.sqlite
- Sessions: sessionstore.jsonlz4
- Extensions: storage\default\moz-extension+++*
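For detection, the two lists above can be turned into a rule that flags any process other than the browser itself touching one of these files. The following is an added example, not part of the original page: the executable names, the default `C:\Users\<user>\AppData` layout, the `(process image, file path)` event shape and the sample events are all assumptions constructed for illustration.

```python
import re

# %VAR% -> default location under C:\Users\<user>\ (assumption: default Windows layout)
ENV = {"%APPDATA%": r"AppData\Roaming", "%LOCALAPPDATA%": r"AppData\Local"}
# browser: (profile root from the list above, assumed executable name)
BROWSERS = {
    "IceDragon": (r"%APPDATA%\Comodo\IceDragon\Profiles", "icedragon.exe"),
    "K-Meleon": (r"%APPDATA%\K-Meleon\Profiles", "k-meleon.exe"),
    "Mozilla Firefox": (r"%APPDATA%\Mozilla\Firefox\Profiles", "firefox.exe"),
    "Pale Moon": (r"%LOCALAPPDATA%\Moonchild Productions\Pale Moon\Profiles", "palemoon.exe"),
}
TARGETS = {  # file name -> label, both from the list above
    "cert9.db": "Cert9", "key4.db": "Key4", "logins.json": "Credentials",
    "cookies.sqlite": "Cookies", "places.sqlite": "History",
    "formhistory.sqlite": "Form History", "sessionstore.jsonlz4": "Sessions",
}
EXT_PREFIX = "storage\\default\\moz-extension+++"

def _compile(root):
    """Regex capturing <PROFILE> and the path relative to it, case-insensitively."""
    var, rest = root.split("\\", 1)
    tail = re.escape(ENV[var] + "\\" + rest)
    return re.compile(r"^[a-z]:\\users\\[^\\]+\\" + tail + r"\\([^\\]+)\\(.+)$", re.I)

ROOTS = {name: _compile(root) for name, (root, _) in BROWSERS.items()}

def classify(image, path):
    """Return (browser, artifact, profile) if a non-browser process touched a target file."""
    for browser, (_, exe) in BROWSERS.items():
        m = ROOTS[browser].match(path)
        if not m:
            continue
        profile, rel = m.group(1), m.group(2).lower()
        artifact = TARGETS.get(rel)
        if artifact is None and rel.startswith(EXT_PREFIX):
            artifact = "Extensions"
        if artifact and image.rsplit("\\", 1)[-1].lower() != exe:
            return browser, artifact, profile
    return None

FF = r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\ab12cd34.default-release"
PM = r"C:\Users\alice\AppData\Local\Moonchild Productions\Pale Moon\Profiles\x9y8.default"
EVENTS = [  # constructed sample file-access events: (process image, file path)
    (r"C:\Program Files\Mozilla Firefox\firefox.exe", FF + r"\logins.json"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", FF + r"\key4.db"),
    (r"C:\Users\alice\AppData\Local\Temp\updater.exe", PM + r"\storage\default\moz-extension+++1234\idb\data.sqlite"),
    (r"C:\Windows\System32\notepad.exe", r"C:\Users\alice\Documents\notes.txt"),
]

def scan(events):
    return [(img, hit) for img, path in events if (hit := classify(img, path))]
```

Matching on the executable name alone is weak, so a production rule should compare the full image path or code signer, and allow-list backup and antivirus agents that legitimately read these files.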