# Query the Registry for Browser Helper Objects (BHO) ``` #####aid_begin #description: fetch the information from browser helper objects (bho) #id: aid2112302103 #processtype: query #category: registry #sourcelink: #tacticidlist: #techniqueidlist: #compatibleos: |- # windows 7 # windows 8.* # windows 10 # windows 11 # windows server 2008 r2 # windows server 2012 # windows server 2012 r2 # windows server 2016 # windows server 2019 #compatibleengine: |- # powershell 2 # powershell 3 # powershell 4 # powershell 5.* # powershell 7.* #bgcommandlist: |- # get-bgregistry #notes: |- # browser helper objects are in-process component object model (com) components. whenever you launch an instance of internet explorer 4.x and higher, it reads a specific registry key to locate the installed bho's and then loads the objects whose clsid is stored there. it's important to note that bho's are tied to the main browser window. that means that if you open multiple instances of internet explorer a new instance of the bho is created when the new browser window is created. the browser initializes the object and asks it for a certain interface. if the interface is found, then ie uses the methods provided to pass its iunknown pointer down to the helper object. #####aid_end commands: - Get-BGRegistry -StartKey "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://manuals.blusapphire.io/blugenie/artifacts/tactical-artifacts-by-category/registry-query/query-the-registry-for-browser-helper-objects-bho.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.