Adversaries may attempt to get a listing of open application windows. Window listings could convey information about how the system is used or give context to information collected by a keylogger.
Compiles and executes C# code to list main window titles associated with each process.
Upon successful execution, PowerShell will download the .cs file from the Atomic Red Team repo, and cmd.exe will compile and execute T1010.exe. When T1010.exe runs, its output is written to stdout.
Supported Platforms: Windows

| Name | Description | Type | Default Value |
|---|---|---|---|
| input_source_code | Path to source of C# code | path | PathToAtomicsFolder\T1010\src\T1010.cs |
| output_file_name | Name of output binary | string | %TEMP%\T1010.exe |

Commands (cmd.exe):

```cmd
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe -out:#{output_file_name} #{input_source_code}
#{output_file_name}
```

Cleanup (cmd.exe):

```cmd
del /f /q /s #{output_file_name} >nul 2>&1
```

Prerequisite check (PowerShell):

```powershell
if (Test-Path #{input_source_code}) {exit 0} else {exit 1}
```

Get the prerequisite (PowerShell):

```powershell
New-Item -Type Directory (split-path #{input_source_code}) -ErrorAction ignore | Out-Null
Invoke-WebRequest https://raw.githubusercontent.com/redcanaryco/atomic-red-team/master/atomics/T1010/src/T1010.cs -OutFile "#{input_source_code}"
```
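
For detection, the telemetry this test should produce is a csc.exe process whose `-out:` target is in a user-writable directory, followed by a process started from that same path. The sketch below is an added example, not part of Atomic Red Team; the event field names, the `WRITABLE` directory list and the sample events are constructed assumptions to adapt to your own process-creation logs.

```python
import ntpath
import re

# csc.exe accepts -out:<file> or /out:<file>, quoted or bare.
OUT_OPT = re.compile(r'[-/]out:(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Assumption: user-writable directories worth flagging; tune per environment.
WRITABLE = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\users\\public\\")

def norm(path):
    """Lower-case and normalise a Windows path so log values compare equal."""
    return ntpath.normcase(ntpath.normpath(path))

def find_compile_then_run(events):
    """Return (compile_event, run_event) pairs: csc.exe wrote a binary into a
    user-writable directory and that same binary later started as a process."""
    compiled = {}  # normalised output path -> csc.exe event that produced it
    hits = []
    for ev in events:  # events are assumed to be in chronological order
        image = norm(ev["image"])
        if ntpath.basename(image) == "csc.exe":
            m = OUT_OPT.search(ev["cmdline"])
            out = norm(m.group(1) or m.group(2)) if m else ""
            if any(d in out for d in WRITABLE):
                compiled[out] = ev
        elif image in compiled:
            hits.append((compiled[image], ev))
    return hits

CSC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
# Constructed sample events (process-creation style); not real telemetry.
SAMPLE = [
    {"pid": 4100, "image": CSC,
     "cmdline": CSC + r" -out:C:\Users\lab\AppData\Local\Temp\T1010.exe C:\lab\atomics\T1010\src\T1010.cs"},
    {"pid": 4108, "image": r"C:\Users\lab\AppData\Local\Temp\T1010.exe",
     "cmdline": r"C:\Users\lab\AppData\Local\Temp\T1010.exe"},
    # Control: a build into a non-temp directory followed by a run is not flagged.
    {"pid": 5200, "image": CSC, "cmdline": CSC + r" /out:D:\build\app.exe D:\src\app.cs"},
    {"pid": 5210, "image": r"D:\build\app.exe", "cmdline": r"D:\build\app.exe"},
]

if __name__ == "__main__":
    for comp, run in find_compile_then_run(SAMPLE):
        print(f"csc.exe pid {comp['pid']} built {run['image']}, run as pid {run['pid']}")
```

Because cmd.exe expands `%TEMP%` before csc.exe starts, the logged command line carries the resolved path, which is what the directory match relies on.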