API tools faq
paste
Guest User

Check-ChromeMaliciousExtensions.ps1

a guest
Apr 14th, 2026
74
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 4.80 KB | None | 0 0
raw download clone embed print report
  1. # Malicious Chrome extension IDs (Socket report - 108 total)
  2. $extensionIds = @(
  3. "aaaljjgdoaocjjjplplfopjpdhbmbfek",
  4. "aabnnhjefnphbplhgjkddpbnjbcbekgf",
  5. "aadmacdlmfafhkkddjknacahmklkpeij",
  6. "aapocclcgogkmnckokdopfmhonfmgoek",
  7. "abfijhddgjbdeedojgbifkbnkdlhbnnf",
  8. "abmohcnlldaiaodkpacnldcdnjjgldfh",
  9. "acmfnomgphggonodopogfbmkneepfgnh",
  10. "adbbhmdcnljkkfjbbkldfpfkgkoffbnn",
  11. "adnljgpbkcljlkjckehfklfflccfemdm",
  12. "aeijljhpnjkgfphgljnddnkkmjjifdnj",
  13. "afapdghddghjchhkkgncbbdnjflkhepj",
  14. "afdfpkhbdpioonfeknablodaejkklbdn",
  15. "afkggdpkhnbjokdkkhphbgjbbjppfjmh",
  16. "agfddnbnjflbpgkpimnfdedmmdkcckpm",
  17. "ahkdhfngcbbnjkljflkgnmddndcbbhkm",
  18. "ajhfjkdbklkflkmjljhgjgkppphkchcc",
  19. "akbpmfepnbgppjjfbcdfbdfpjpjijngp",
  20. "aklckgfmhdddfhjkmbkglkcmfbdjdbbd",
  21. "alfgjmbobkmbhfgfbdfodckapgdcgnhn",
  22. "amjfjkcepgjfghnmfmjcbfgbpkhnbcdb",
  23. "anbdfkcgofgdbpdkbghmbdbkkpkgljgl",
  24. "aogfblgplcldjcbjdcfpgkhlhfjkgnfn",
  25. "apbkgmdkphjhhckcdeefcokgnbdbbghp",
  26. "apfpjkbemgkndbdbfkmnklpplbcbkbfd",
  27. "bbdkkhglcngnbjefejokjkhfjgfgodko",
  28. "bbpbcnghgncplcfkdbnckokoggnkjhnh",
  29. "bchdcegkmjnhkcbhjpjpmmjdmhngpjaf",
  30. "bclmnhpplmmbchcpgfdbpcknppbnddkg",
  31. "bdhknchfgkhhblhbbbjhlnjibldhdfok",
  32. "bdlkkghcchkjjpcfegfcbgkmobdkmppp",
  33. "bffnjdpejgnfcbgjahpbhhbncghblmcc",
  34. "bfpfgljhlklddcnhnhhfjgkbbjndobob",
  35. "bggmnjgffcdopbbpccpofbghnkjdclfd",
  36. "bhhkkfgehpjdppgdcgbjnglkkfpkfngb",
  37. "bhnddggedppgkpehmbkfgkhjmbbnfbpl",
  38. "bjepkfcpmffhghppcchhngfbdlpkfjcc",
  39. "bkflgkhcghcgbbjpddmkljokfghmfbnp",
  40. "bldfnlkhhajpnhglfhfpgemlmbbgdncd",
  41. "bmddhmdcdbokdfjepjipgclbghhbbhfd",
  42. "bnhfgkgnpbhmjflfllkpkjgnjphnppok",
  43. "bnmbhkmnhdmdhcldbndgpdjplfdfnhpj",
  44. "bocdmpgfbiafkjplgpkofgdfklddbfdi",
  45. "bohlnkfhgljhjkhkglmbdlfkpnpmmlfg",
  46. "bpfnpfnhblnkgjhgjcgjkglfdfkplkcf",
  47. "bplnkhbknfknkghhdfjpbjjbbgdlodkd",
  48. "bpmkchjdfnjgkdfkgjhjjgkbjlgkhkmb",
  49. "bpnhcbcfjbfifgdhgmnkclffgpmjgnap",
  50. "bppbjaffljgkffjpmjhhgkcmncmkbbhn",
  51. "ccfkgkhpjbhjgjcgbpnhkmpkcpdfnllb",
  52. "cdmbfpjnbdnbhkpibbnmjcogkbbkdfbh",
  53. "ceflkbljghbchdphbnflfkkmnjpjnhmc",
  54. "cfdhgjpbkchlhfpfkflffklnkpnljnmb",
  55. "cfkgkkjghmdmdblbhdcibplkjbjhdbaf",
  56. "cgggkpgmhlbbjnddflgjphdjbppbldfd",
  57. "chfgdfmnhncfjhdgcbkjgkfhffkdfmbd",
  58. "cjbdjnnncfngbblhdfghjhpkncgglpgj",
  59. "ckbggpnfphkdfbjcbjfjhchbbkmbkddh",
  60. "cljbbkhhfjghnbjpphdfnkkdddkngjpn",
  61. "clmcfmhplhkjcpldfddffkgkbnfdfmch",
  62. "cmdbkldkfhjndodfhgkhlbbkddpjhbdg",
  63. "cmfndfmbjphcgnbjgdbfhkdbpkdpppkk",
  64. "cnbfhfkghfpncdgkphmddhnhkddjpbob",
  65. "cnfkjjcfphbgbjhhdfkplkfjghnmbhgg",
  66. "cpmbkjffgkphdfdjjdfgjkghgfgdmbmk",
  67. "cpmcdbkbhjkmdbpghgcfahpgjddfmpjp",
  68. "cpnhhgdfkbhfndpfgdmbfgkdbkkgjbbh",
  69. "cpplkfdcclmcknmkfmbdnjjndgkkhngh",
  70. "cptngkfpglgblglbndbdfgkhdbpgfbgh",
  71. "dbbnkphkglgfpgnbkfnfdfmblkjhbbdj",
  72. "dbfjkngplppkndjchhdbdpnjfhkpnmnj",
  73. "dcjljkgnmcckndndjplfgjfdkkdgjdkk",
  74. "ddbbdfhkjhddpplfgmpfhhjgnmbbgbcf",
  75. "ddgphffgfljghgddhdkhndddnflpplff",
  76. "ddkpbjcllbbhdbdpghhmbgnppdfkmbhj",
  77. "ddmlkhdfkpgkgbmpmjppbmnpghdfgkpp",
  78. "dfbnmfgkfflghhkflnkmhhkdkpjbnjij",
  79. "dffjdhhbbmmjflnkhfdblgmpjdfjkkhg",
  80. "dfkmbhddfgljppffkmpplddphhjmbhij",
  81. "dfppjmkbngkbkfdjkhplghgkmpdfdgbb",
  82. "dgfjpbfdlgbhnbnpljpcbbpghgdplfmb",
  83. "dgkkhhjkklcgnbhbnhlpphkhjnghplpl",
  84. "dhkngmcckdhdfpbkfjkgbfdjngkkhddp",
  85. "dhpgbkmfdbfdkhgjbklphgklddkbbhfp",
  86. "djdbbhhdddfkkpblgclbppbdfmkkbmkh",
  87. "djgbchkkcglfdbnbhndgpnjmlngljkgn",
  88. "dkgkpbkdbjdfkgjgjpnddmbjpjhndhfn",
  89. "dknbnnjgbgdfdfgbnbhglgkghdppppgj",
  90. "dldnhnkgpbbkphnngpddkgbhplckjhdf",
  91. "dmbjlpbnngpddpjkblkgdpmjnhdpgkhl",
  92. "dmdkpgjdfnjgnmbnfdflpkbchjgbffgh",
  93. "dmgkfdhflhjplngkghnfdnnbkghpkpdb",
  94. "dmjpnfjlgpmbgkjbplbdbdkdfpgldkcf",
  95. "dmkpjnhkffgkdfpbfbgbcchgljgjhmbn",
  96. "dmpnnhcblhngcchkhpbbkbbbpjjjkpdd",
  97. "dnchhnphngcdgcfpbhhcdgjjjhbbhmbp",
  98. "dndgkdfkhhghgppkbbnjlgbgjfgkphbf",
  99. "dngkndgfbdbfdfggdfkpbnhhglklbnhg",
  100. "dnhgpbkddgjkdfhgnpkkhnbpjjdbpmjp",
  101. "dnjhggpghbphgjffgnbmbhflplgmpggd",
  102. "dnjjdfhnbkppgdfhgbppkndmbplghdfn",
  103. "dnlpkkpjflkpgkdbnhhdbplgjjfjhkkk",
  104. "dnpdbkkhphkdbjflmbkfgdfghmndjmbd",
  105. "dnpnphngdfbdfgkhkgggjgpnjddbjppg",
  106. "dodjbfkpbgnbdfgddplhnghgjpkkmbch",
  107. "dogpjfjgkfgplgdhjdbdgbgkjfhgkbbn",
  108. "dolpnnfgghfdfdphgbpljkbmbpbchhfp"
  109. )
  110.  
  111. # Chrome user data path
  112. $chromeUserData = "$env:LOCALAPPDATA\Google\Chrome\User Data"
  113.  
  114. # Get all profiles
  115. $profiles = Get-ChildItem -Path $chromeUserData -Directory | Where-Object {
  116.     $_.Name -match "Default|Profile"
  117. }
  118.  
  119. $results = @()
  120.  
  121. foreach ($profile in $profiles) {
  122.     $extPath = Join-Path $profile.FullName "Extensions"
  123.  
  124.     if (Test-Path $extPath) {
  125.         $installed = Get-ChildItem -Path $extPath -Directory | Select-Object -ExpandProperty Name
  126.  
  127.         foreach ($id in $extensionIds) {
  128.             if ($installed -contains $id) {
  129.                 $results += [PSCustomObject]@{
  130.                     Profile = $profile.Name
  131.                     ExtensionId = $id
  132.                 }
  133.             }
  134.         }
  135.     }
  136. }
  137.  
  138. if ($results.Count -gt 0) {
  139.     Write-Host "Matches found:`n"
  140.     $results | Format-Table -AutoSize
  141. } else {
  142.     Write-Host "No matching extensions found."
  143. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!