You are using passwords saved in your browser. You turn on DC++ or FlyLink, do "share entire C: drive", or download a pre-configured option that does it for you.
After that, the "hacker" in the search drives in the names of the files needed in the search for file sharing and downloads files with saved cached passwords, in some cases, cookies for them. Throws it into your browser, and voila, you are hacked =)))))
And there are many examples when education of a security officer and knowledge of languages ​​is not required.

have a higher education in the field of information security. understand 20 - 30 programming languages. well, on trifles ...))). I'm talking about the detection of such actions

to begin with, get access to the machine with which you will perform further manipulations.
And then, according to the instructions:
The password file is the "Login Data" file which is located in the OS at the following path
C:\Users\*USERNAME*\AppData\Local\Google\Chrome\User Data\Default\
There is a nuance, all the data - are encrypted. But this can be fixed, but how, let it remain a mystery to you.
If you are interested, then you will figure it out yourself