The chrome_extensions INFO query provides details on installed Chrome extensions.
We extend the chrome_extensions results with the common decorations, generic fields and Data Lake information available for all scheduled queries.
chrome_extensions Scheduled Query Schema
| Column | Type | Description |
|---|---|---|
| author | string | Optional extension author |
| identifier | string | Plugin identifier |
| name | string | Name of the registry value entry |
| path | string | Full path to the value |
| uid | long | The local user that owns the plugin |
| update_url | string | Extension-supplied update URI |
| version | string | Plugin short version |
-- chrome_extensions INFO
SELECT
    -- Device ID DETAILS
    meta_hostname, meta_ip_address,
    -- Query Details
    query_name, author, identifier, name, path, uid, update_url, version,
    -- Decoration
    meta_boot_time, meta_eid, meta_endpoint_type, meta_ip_mask, meta_mac_address,
    meta_os_name, meta_os_platform, meta_os_type, meta_os_version, meta_public_ip,
    meta_query_pack_version, meta_username,
    -- Generic
    calendar_time, counter, epoch, host_identifier,
    numerics osquery_action,  -- no comma here: numerics is returned under the alias osquery_action
    unix_time,
    -- Data Lake
    customer_id, endpoint_id, upload_size
FROM xdr_data
WHERE query_name = 'chrome_extensions'
RESULTS
| meta_hostname | meta_ip_address | query_name | author | identifier | name | path | uid | update_url | version | meta_boot_time | meta_eid | meta_endpoint_type | meta_ip_mask | meta_mac_address | meta_os_name | meta_os_platform | meta_os_type | meta_os_version | meta_public_ip | meta_query_pack_version | meta_username | calendar_time | counter | epoch | host_identifier | osquery_action | unix_time | customer_id | endpoint_id | upload_size |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | aapocclcgogkmnckokdopfmhonfmgoek | Slides | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\ | 1002 | https://clients2.google.com/service/update2/crx | 0.10 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 936 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | aohghmighlieiainnegkcijnfilokake | Docs | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\ | 1002 | https://clients2.google.com/service/update2/crx | 0.10 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 934 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | apdfllckaahabafndbhieahigkjlhalf | Google Drive | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ | 1002 | https://clients2.google.com/service/update2/crx | 14.1 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 942 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | blpcfgokakmgnkcojhhkbfbldkacnbeo | YouTube | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ | 1002 | http://clients2.google.com/service/update2/crx | 4.2.8 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 938 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | felcaaldnbdncclmgdcncolpebgiejap | Sheets | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\ | 1002 | https://clients2.google.com/service/update2/crx | 1.2 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 934 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | ghbmnnjooekpmoecnnnilnnbdlolhkhi | Google Docs Offline | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.9.1_0\ | 1002 | https://clients2.google.com/service/update2/crx | 1.9.1 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 951 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | nmmhkkegccagdldgiimedpiccmgmieda | Chrome Web Store Payments | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\ | 1002 | https://clients2.google.com/service/update2/crx | 1.0.0.5 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 961 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | pjkljhegncpnkpknbcohdijeoejaedia | Gmail | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.2_0\ | 1002 | https://clients2.google.com/service/update2/crx | 8.2 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 933 |
| Victim3-EDR | 192.168.100.143 | chrome_extensions | | pkedcjkdefgpdelpbcmbmeomcjbeemfm | Chrome Media Router | C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\8220.313.1.1_0\ | 1002 | https://clients2.google.com/service/update2/crx | 8220.313.1.1 | 1601905066 | 07343bcf-3fb4-34bb-58a0-75ea91b4d569 | computer | 255.255.255.0 | 00:50:56:2a:3a:13 | Microsoft Windows 7 Ultimate | windows | client | 6.1.7601 | 73.69.54.187 | 1.1.12 | test | 2020-10-10T10:57:17Z | 0 | 1602320453 | Victim3-EDR | False | 2020-10-10T10:57:17Z | b288d41b-53bb-64ae-5a67-1bc1507d5198 | 7043b3fc-f34b-43bb-850a-57ae194b5d96 | 965 |
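
A review query built on the same columns, added here as an example and not part of the original page: it groups extension records by where they update from and lists every extension that does not use the HTTPS Chrome Web Store update URL seen in the results above (the YouTube row, with its http:// URL, would be listed). It assumes the Data Lake query engine accepts standard WITH and CASE syntax and treats that Web Store URL as the expected baseline; the update_source labels are names chosen for this example.

```sql
-- Added example, not from the original page.
-- Assumption: the HTTPS Web Store URL from the sample results is the expected baseline.
WITH ext AS (
    SELECT
        meta_hostname,
        identifier,
        name,
        version,
        update_url,
        calendar_time,
        -- Classify each record by where the extension says it updates from.
        CASE
            WHEN update_url = 'https://clients2.google.com/service/update2/crx' THEN 'web_store_https'
            WHEN update_url = 'http://clients2.google.com/service/update2/crx' THEN 'web_store_http'
            WHEN update_url IS NULL OR update_url = '' THEN 'no_update_url'
            ELSE 'other_source'
        END AS update_source
    FROM xdr_data
    WHERE query_name = 'chrome_extensions'
)
SELECT
    update_source,
    identifier,
    name,
    update_url,
    COUNT(DISTINCT meta_hostname) AS host_count,     -- how widely the extension is deployed
    COUNT(DISTINCT version)       AS version_count,  -- version spread across hosts
    MIN(calendar_time)            AS first_seen,     -- ISO 8601 strings sort chronologically
    MAX(calendar_time)            AS last_seen
FROM ext
WHERE update_source <> 'web_store_https'
GROUP BY update_source, identifier, name, update_url
-- Rare extensions first: low host_count entries are the ones to review.
ORDER BY host_count ASC, identifier
```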