SetupHijack – Installer and Updater Race Condition Proof of Concept for Local Escalation
ID: d54cf073-cb80-56d4-9275-6e217061b187
STIX ID: report--d54cf073-cb80-56d4-9275-6e217061b187
Feed Name: Darknet
DumpBrowserSecrets is a Windows post-exploitation tool that harvests browser-stored secrets (cookies, saved logins, OAuth refresh tokens, credit cards, autofill, history, bookmarks) from major Chromium-based browsers and Firefox. It bypasses Chrome's App-Bound Encryption by spawning a headless Chromium process and injecting a DLL via Early Bird APC to leverage the IElevator COM interface, and supports DPAPI and NSS decryption for other browsers. It includes multiple operational evasion techniques and outputs structured JSON. The tool is positioned for red-team and assumed-breach testing, while presenting a high-risk credential-exfiltration capability if misused.
