Query the Registry for Browser Helper Objects (BHO)

AID2112302103.YAML

#####aid_begin
#description: fetch the information from browser helper objects (bho)
#id: aid2112302103
#processtype: query
#category: registry
#sourcelink: <na>
#tacticidlist: <na>
#techniqueidlist: <na>
#compatibleos: |-
#  windows 7
#  windows 8.*
#  windows 10
#  windows 11
#  windows server 2008 r2
#  windows server 2012
#  windows server 2012 r2
#  windows server 2016
#  windows server 2019
#compatibleengine: |-
#  powershell 2
#  powershell 3
#  powershell 4
#  powershell 5.*
#  powershell 7.*
#bgcommandlist: |-
#  get-bgregistry
#notes: |- 
#  Browser Helper Objects (BHOs) are in-process Component Object Model (COM) components. Whenever you launch an instance of Internet Explorer 4.x and higher, it reads a specific registry key to locate the installed BHOs and then loads the objects whose CLSIDs are stored there. BHOs are tied to the main browser window, so if you open multiple instances of Internet Explorer, a new instance of the BHO is created each time a new browser window is created. The browser initializes the object and asks it for a certain interface. If the interface is found, IE uses the methods provided to pass its IUnknown pointer down to the helper object.
#####aid_end
commands:
- Get-BGRegistry -StartKey "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
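
The query above lists the CLSID subkeys, and the notes explain that Internet Explorer loads the COM object each CLSID points to. As an added example (not part of the original definition file), the function below uses built-in PowerShell cmdlets to resolve each BHO CLSID to its registered DLL and Authenticode status. It goes beyond the page by also reading the WOW6432Node view used by 32-bit Internet Explorer; `Get-BhoInventory` is a hypothetical name.

```powershell
# Added example: enumerate BHO CLSIDs and resolve each to its in-process server DLL.
# Assumption: the WOW6432Node view and the signature check are additions to the page's query.
function Get-BhoInventory {
    $views = @(
        @{ View  = 'native'
           Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ View  = 'WOW6432Node'
           Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID' }
    )
    foreach ($v in $views) {
        # The key is absent on hosts with no BHOs (or no 32-bit view); skip quietly.
        if (-not (Test-Path -LiteralPath $v.Bho)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
            $clsid  = $key.PSChildName
            $clsKey = Join-Path $v.Clsid $clsid
            $name = $null; $dll = $null
            if (Test-Path -LiteralPath $clsKey) {
                # The default value of the CLSID key is the friendly name.
                $name = (Get-ItemProperty -LiteralPath $clsKey).'(default)'
                $srv  = Join-Path $clsKey 'InprocServer32'
                if (Test-Path -LiteralPath $srv) {
                    # The default value of InprocServer32 is the DLL loaded into the browser.
                    $dll = (Get-ItemProperty -LiteralPath $srv).'(default)'
                }
            }
            if ($dll) {
                $dll = $dll.Trim('"')
                if (Test-Path -LiteralPath $dll) {
                    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
                } else {
                    $sig = 'FileMissing'     # registration points at a DLL that is gone
                }
            } else {
                $sig = 'Unregistered'        # BHO entry with no COM server registration
            }
            New-Object PSObject -Property @{
                View = $v.View; Clsid = $clsid; Name = $name; Dll = $dll; Signature = $sig
            } | Select-Object View, Clsid, Name, Dll, Signature
        }
    }
}

Get-BhoInventory | Format-Table -AutoSize
```

Run it from a 64-bit PowerShell session on 64-bit Windows; in a 32-bit session registry redirection makes both views return the 32-bit data.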
