> For the complete documentation index, see [llms.txt](https://www.ired.team/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.ired.team/offensive-security/enumeration-and-discovery/t1010-application-window-discovery.md).

# Application Window Discovery

Retrieving running application window titles:

{% code title="attacker\@victim" %}

```csharp
get-process | where-object {$_.mainwindowtitle -ne ""} | Select-Object mainwindowtitle
```

{% endcode %}

![](/files/-LKbpr09VvDvfZNCrcHK)

A COM method that also includes the process path and window location coordinates:

{% code title="attacker\@victim" %}

```csharp
[activator]::CreateInstance([type]::GetTypeFromCLSID("13709620-C279-11CE-A49E-444553540000")).windows()
```

{% endcode %}

![](/files/-LhgYUQ4VckbAYvFKANi)

## References

{% embed url="<https://attack.mitre.org/wiki/Technique/T1010>" %}
