Ghbmnnjooekpmoecnnnilnnbdlolhkhi

Posted : admin On 1/1/2022

Win32/PiriformBundle - posted in Virus, Trojan, Spyware, and Malware Removal Help: Hi all Windows Defender has identified this on my laptop as a PUA (potentially unwanted application). Google takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. This personalization template provides the standard settings required in order to personalize Chrome. Instructions for use. We advise that this template is firstly evaluated and tested in a non-production scenario to ensure the configured settings are suitable for your requirements. Edit, create, and view your documents, spreadsheets, and presentations — all without internet access. No network connection? With Google Docs Offline, you can access Google Docs, Sheets, Slides, and Drive without connecting to the internet.


Learn how to embed analytical content within your business process applications for the national cloud. You can use the Power BI .NET SDK with the Power BI JavaScript API to embed a report, dashboard, or tile, into your web applications.

Power BI also supports national clouds.

The different national clouds are:

  • U.S. Government Community Cloud (GCC)

  • U.S. Government Community Cloud High (GCC High)

  • U.S. Military Contractors (DoDCON)

  • U.S. Military (DoD)

  • Power BI for Germany cloud

  • Power BI for China cloud

To get started with this walkthrough, you need a Power BI account. If you don't have an account set up, choose the national cloud that matches your government or country. You can sign up for a U.S. government Power BI account, a Power BI for Germany cloud account, or a Power BI for China cloud account.

Note

Looking to embed a dashboard for your organization instead? See Integrate a dashboard into an app for your organization.

To integrate a dashboard into a web app, you use the Power BI API and an Azure Active Directory (AD) authorization access token to get a dashboard. Then, you load the dashboard using an embed token. The Power BI API provides programmatic access to specific Power BI resources. For more information, see Power BI REST API, Power BI .NET SDK, and the Power BI JavaScript API.

Download the sample

This article shows the code used in the App Owns Data sample on GitHub. To follow along with this walkthrough, you can download the sample.

  • Government Community Cloud (GCC):

    Note

    Embedding Power BI content from a Government Community Cloud (GCC) can only be done with a Microsoft 365 SKU. Other national cloud customers can use Microsoft 365 or Azure SKUs.

  1. Overwrite Cloud.config file with GCCCloud.config content.

  2. Update applicationId (Native app applicationId), workspaceId, the user (your master user), and password in Web.config file.

  3. Add the GCC parameters in the web.config file as follows.

  • Military Contractors (DoDCON):
  1. Overwrite Cloud.config file with TBCloud.config content.

  2. Update applicationId (Native app applicationId), workspaceId, the user (your master user), and password in Web.config file.

  3. Add the DoDCON parameters in the web.config file as follows.

  • Military (DoD):
  1. Overwrite Cloud.config file with PFCloud.config content.

  2. Update applicationId (Native app applicationId), workspaceId, the user (your master user), and password in Web.config file.

  3. Add the DoDCON parameters in the web.config file as follows.

  • Power BI for Germany cloud parameters
  1. Overwrite Cloud.config file with Power BI for Germany cloud content.

  2. Update applicationId (Native app applicationId), workspaceId, the user (your master user), and password in Web.config file.

  3. Add the Power BI for Germany cloud parameters in the web.config file as follows.

  • Power BI for China cloud parameters
  1. Overwrite Cloud.config file with Power BI for China cloud content.

  2. Update applicationId (Native app applicationId), workspaceId, the user (your master user), and password in Web.config file.

  3. Add the Power BI for China cloud parameters in the web.config file as follows.

Step 1 - register an app in Azure AD

Register your application with Azure AD to make REST API calls. For more information, see Register an Azure AD app to embed Power BI content. Since there are different national cloud affiliations, there are distinct URLs to register your application.

  • Government Community Cloud (GCC) - https://app.powerbigov.us/apps

  • Military Contractors (DoDCON) - https://app.high.powerbigov.us/apps

  • Military (DoD) - https://app.mil.powerbigov.us/apps

  • Power BI for Germany cloud - https://app.powerbi.de/apps

  • Power BI for China cloud - https://app.powerbi.cn/apps

If you downloaded the Embedding for your customer sample, you would use the applicationId you get, so that the sample can authenticate to Azure AD. To configure the sample, change the applicationId in the web.config file.

Step 2 - get an access token from Azure AD

Within your application, you need to get an access token, from Azure AD, before you can make calls to the Power BI REST API. For more information, see Authenticate users and get an Azure AD access token for your Power BI app. Since there are different national cloud affiliations, there are distinct URLs to get an access token for your application.

  • Government Community Cloud (GCC) - https://login.microsoftonline.com

  • Military Contractors (DoDCON) - https://login.microsoftonline.us

  • Military (DoD) - https://login.microsoftonline.us

  • Power BI for Germany cloud - https://login.microsoftonline.de

  • Power BI for China cloud - https://login.chinacloudapi.cn

You can see examples of these access tokens within each content item task in the Controllers\HomeController.cs file.

Step 3 - get a content item

To embed your Power BI content, you need to do a couple of things to make sure it embeds correctly. While all of these steps can be done with the REST API directly, the sample application and the examples here use the .NET SDK.

Create the Power BI Client with your access token

With your access token, you want to create your Power BI client object, which allows you to interact with the Power BI APIs. You create your Power BI client object by wrapping the AccessToken with a Microsoft.Rest.TokenCredentials object.

Get the content item you want to embed

Use the Power BI client object to retrieve a reference to the item you want to embed. You can embed dashboards, tiles, or reports. Here is an example of how to retrieve the first dashboard, tile, or report from a given workspace.

A sample is available within Controllers\HomeController.cs of the App Owns Data sample.

Reports

Dashboards

Tiles

Create the embed token

Using the JavaScript API, you can generate an embed token. The embed token is specific to the item you're embedding. Anytime you embed a piece of Power BI content, you need to create a new embed token for it. For more information, including which accessLevel to use, see Embed Token.

Important

Because embed tokens are intended for developer testing only, the number of embed tokens a Power BI master account can generate is limited. A capacity must be purchased for production embedding scenarios. There is no limit to embed token generation when a capacity is purchased.

A sample is available within Controllers\HomeController.cs of the Embedding for your organization sample.

A class is created for EmbedConfig and TileEmbedConfig. A sample is available within Models\EmbedConfig.cs and Models\TileEmbedConfig.cs.

Reports

Dashboards

Tiles

Step 4 - load an item using JavaScript

You can use JavaScript to load a dashboard into a div element on your web page. The sample uses an EmbedConfig/TileEmbedConfig model along with views for a dashboard, tile, or report. For a full sample of using the JavaScript API, you can use the Microsoft Power BI Embedded Sample.

An application sample is available within the Embedding for your organization sample.

Views\Home\EmbedDashboard.cshtml


Views\Home\EmbedTile.cshtml


Views\Home\EmbedReport.cshtml

Next steps

  • A sample application is available on GitHub for you to review. The above examples are based on that sample. For more information, see Embedding for your organization sample.

  • For more information about the JavaScript API, see Power BI JavaScript API.

  • For more information about Power BI for Germany cloud, see Power BI for Germany cloud FAQ.

Considerations and limitations

More questions? Try asking the Power BI Community

Quest KACE K1000 (formerly a Dell product) allows you to create “customized” inventory rules that provide flexibility to run commands, whether through the standard command prompt or other methods.

For this particular use case, we’re trying to identify what Chrome extensions are installed in our non-domain endpoints that we’re managing. If you are dealing with domain-joined systems, I’d recommend managing these extensions via Google Chrome’s GPO which can be found in my past article.

If you don’t use KACE K1000 in your environment, you can still follow the article and later skip to the “For non-KACE users” section to accomplish the same thing.

Within KACE we’re going to create a custom inventory rule to return the extensions found under my user AppData directory: C:\Users\pdelgado\AppData\Local\Google\Chrome\User Data\Default\Extensions

I found the easiest way to do this is to use the dir command within command prompt, with the /b option.

dir /b "C:\Users\pdelgado\AppData\Local\Google\Chrome\User Data\Default\Extensions"

which returns the following:

Reference for Dir:

/b: Use this option to show the dir results using “bare” format, which removes the typical header and footer information, as well as all the details on each item, leaving only the directory name or file name and extension.

The PowerShell equivalent is this:

Get-ChildItem -Path "$($env:LOCALAPPDATA)\Google\Chrome\User Data\Default\Extensions" -Name

Within KACE, create a custom inventory rule and call it “Google Chrome Extensions”.

Navigate to Inventory > Software > Choose Action > New
Provide a script name: Google Chrome Extensions
Highlight all of your Windows OS versions under Supported Operating Systems

Enter the following as the custom inventory rule:

ShellCommandTextReturn(dir /b "C:\Users\pdelgado\AppData\Local\Google\Chrome\User Data\Default\Extensions")

Save it!

This will run that command on each endpoint that matches that path and will save the output to the KACE database. Note: This assumes that your non-domain systems all use the same username. If your usernames are all different throughout the environment, I don’t think this will work. I played around with dir /b "%LOCALAPPDATA%\Google\Chrome\User Data\Default\Extensions" but this did not work. I’m assuming it’s because the KACE agent is running in the SYSTEM user context.

Moving on, you should see the list of extensions in the custom inventory rule results when you look up an endpoint.

Identifying Extensions:

Google Chrome comes with certain extensions by default. In addition, there are legitimate extensions, such as Adobe PDF readers or anti-virus extensions, added by legitimate products. I spent some time identifying the known extensions via the Google Chrome Extensions site, although some extensions follow an old ID convention or their Google store URL has changed.


Here they are:

Extension Name                    Extension ID
Google Slides                     aapocclcgogkmnckokdopfmhonfmgoek
Google Docs                       aohghmighlieiainnegkcijnfilokake
Google Calendar #old extension    ejjicmeblgpmajnghnpcppodonldlgfn
Google Docs                       ghbmnnjooekpmoecnnnilnnbdlolhkhi
Google Drive                      apdfllckaahabafndbhieahigkjlhalf
Youtube                           blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Sheets                     felcaaldnbdncclmgdcncolpebgiejap
Google Chrome Web Store           nmmhkkegccagdldgiimedpiccmgmieda
Gmail                             pjkljhegncpnkpknbcohdijeoejaedia
Chromecast                        pkedcjkdefgpdelpbcmbmeomcjbeemfm
Google Search                     coobgpohoikkiipiblmjeljniedjpjpf
Google Translate                  aapbdbdomjkkjkaonfhkkikfgjllcleb
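
The allowlist comparison can also be done on the endpoint itself. The following is an added example, not one of the author's scripts: it walks every user directory (so it still works when run as SYSTEM, where %LOCALAPPDATA% does not point at a user profile) and reports only extension IDs that are not in the table above. The function name Get-UnknownChromeExtension and the C:\Users profile root are assumptions; the script only reads and changes nothing.

```powershell
# Added example: read-only audit of Chrome extensions for every local user.
# The allowlist holds the known extension IDs from the table above.
$KnownExtensions = @{
    'aapocclcgogkmnckokdopfmhonfmgoek' = 'Google Slides'
    'aohghmighlieiainnegkcijnfilokake' = 'Google Docs'
    'ejjicmeblgpmajnghnpcppodonldlgfn' = 'Google Calendar #old extension'
    'ghbmnnjooekpmoecnnnilnnbdlolhkhi' = 'Google Docs'
    'apdfllckaahabafndbhieahigkjlhalf' = 'Google Drive'
    'blpcfgokakmgnkcojhhkbfbldkacnbeo' = 'Youtube'
    'felcaaldnbdncclmgdcncolpebgiejap' = 'Google Sheets'
    'nmmhkkegccagdldgiimedpiccmgmieda' = 'Google Chrome Web Store'
    'pjkljhegncpnkpknbcohdijeoejaedia' = 'Gmail'
    'pkedcjkdefgpdelpbcmbmeomcjbeemfm' = 'Chromecast'
    'coobgpohoikkiipiblmjeljniedjpjpf' = 'Google Search'
    'aapbdbdomjkkjkaonfhkkikfgjllcleb' = 'Google Translate'
}

function Get-UnknownChromeExtension {   # hypothetical helper name
    param([string]$UsersRoot = 'C:\Users')   # assumption: default profile root
    # SYSTEM has no per-user %LOCALAPPDATA%, so enumerate every user directory.
    foreach ($user in Get-ChildItem -Path $UsersRoot -Directory -ErrorAction SilentlyContinue) {
        $userData = Join-Path $user.FullName 'AppData\Local\Google\Chrome\User Data'
        if (-not (Test-Path -LiteralPath $userData)) { continue }
        # "Default" plus any additional Chrome profiles ("Profile 1", "Profile 2", ...).
        $chromeProfiles = Get-ChildItem -LiteralPath $userData -Directory |
            Where-Object { $_.Name -eq 'Default' -or $_.Name -like 'Profile *' }
        foreach ($chromeProfile in $chromeProfiles) {
            $extRoot = Join-Path $chromeProfile.FullName 'Extensions'
            if (-not (Test-Path -LiteralPath $extRoot)) { continue }
            foreach ($ext in Get-ChildItem -LiteralPath $extRoot -Directory) {
                # Extension IDs are 32 characters from a-p; skip folders such as "Temp".
                if ($ext.Name -cnotmatch '^[a-p]{32}$') { continue }
                if ($KnownExtensions.ContainsKey($ext.Name)) { continue }
                # Best effort: name from the newest version folder's manifest.json
                # (may be a localisation placeholder such as __MSG_appName__).
                $manifest = Get-ChildItem -Path (Join-Path $ext.FullName '*\manifest.json') -ErrorAction SilentlyContinue |
                    Sort-Object LastWriteTime | Select-Object -Last 1
                $name = try { (Get-Content -LiteralPath $manifest.FullName -Raw -ErrorAction Stop | ConvertFrom-Json).name } catch { $null }
                [pscustomobject]@{ User = $user.Name; Profile = $chromeProfile.Name; ExtensionId = $ext.Name; ManifestName = $name }
            }
        }
    }
}

Get-UnknownChromeExtension | Format-Table -AutoSize
```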

I like interacting with the KACE database directly via MySQL Workbench; therefore, I created a SQL script to easily identify the known extensions when creating reports. This made it easy to identify the unknown extensions and also to spot nefarious extensions that shouldn’t be running in the environment:

Note: this assumes that you created the custom inventory software rule and named it “Google Chrome Extensions”.

Here’s the SQL script which will allow you to create an easy-to-read report:

Creating KACE Report for Google Chrome Extensions


Navigate to Reporting > Reports > Select the Drop down menu and select New (SQL)

Provide a title and paste the SQL code provided earlier:

Save it.

Next, run the Report

You should see a report of your endpoints along with the extensions:

As you can see, it’ll be easy to identify unknown extensions.

Although it’s nice that we have visibility over our endpoints, this doesn’t stop the malicious extensions installed from running. The next step is to eradicate those extensions.

Removing unwanted Google Chrome Extensions

Now that we have a good idea of the known good extensions, we can remove all unwanted extensions. To accomplish this, I wrote a PowerShell script and also briefly modified a well-known script written by “bellows” at Spiceworks that removes Google Chrome extensions.

The first PowerShell script, “GoogleChromeExtensions.ps1”, will query the Extensions directory, exclude the “known expected” extensions, and return only the extensions not found in this list. The list of “unknown or unwanted” extensions will then be passed on to the “Get-ChromeExtensions.ps1” PowerShell script, which will remove them one at a time. This script will remove the extension folder contents for this path, and will also remove registry entries under HKCU\SOFTWARE for those extensions.

Here’s the “Get-ChromeExtensions.ps1” script. The only thing I modified was the path to the extensions, as Dell KACE will run as SYSTEM and the script won’t work if you don’t deploy it this way. (Note: You may also run scripts in the user context, but I didn’t test this route.)

The modified line is this one: $extension_folders = Get-ChildItem -Path "C:\Users\pdelgado\AppData\Local\Google\Chrome\User Data\Default\Extensions"

Deploying the script via KACE


Navigate to Scripts > Choose Action > New

Provide a name for the script and make sure you “enable” it.

  • Select the Operating system to “Microsoft Windows”.
  • Windows run As “Local System”
  • Check box for “Allow run without a logged-in user”
  • Upload dependencies (GoogleChromeExtensions.ps1) & (Get-ChromeExtensions.ps1)

Under the Tasks section:


On Success : Run a batch file

Provide a script name and paste the following:
powershell.exe -ExecutionPolicy UnRestricted -File .\GoogleChromeExtensions.ps1

Save changes, and deploy!

For non-KACE users

You can run these PowerShell scripts without specifying a user, grabbing the currently logged-in user via the %LOCALAPPDATA% variable instead. Ensure you modify the script with other expected extensions or just remove them all!
Here are the scripts:

and you may use the original “Get-ChromeExtensions.ps1” script along with the one I created which should accomplish the same thing. Easy as 1,2,3.


Conclusion

As mentioned earlier, the scripts deployed will remove unwanted extensions from the provided file path and registry keys; however, the extension itself WILL NOT be removed from the Google Chrome browser. When you re-launch the web browser, the folders will re-appear; however, they won’t have any content and the extension will not be functional. If you browse to the extensions section of Chrome, you will see the extensions with a status of “This extension may have been corrupted”, as seen in the image below:

Although we’d like to have the extension completely removed from the user’s visibility, this is the next best thing. To my knowledge there isn’t a way to remove the extensions besides having the user do it manually (correct me if I’m wrong, as there might be a better way). The user may always re-install the extensions; however, you can always have an ongoing job to continue deleting them.


Thanks for reading! Constructive feedback is always appreciated!