Window actions refer to a set of techniques employed by Remote Access Trojans (RATs) or Command-and-Control (C2) frameworks to manipulate application windows that have been previously enumerated regardless of whether they are currently visible to the user.

These manipulations can include:

• Changing the window title (caption)
• Resizing or repositioning the window
• Modifying its visibility (showing, hiding, updating opacity)
• Altering its state (e.g., maximized, minimized, restored)
• Closing the window or terminating the entire process

While these actions are often leveraged by unsophisticated attackers or "script kiddies" for disruptive or trolling purposes (e.g., interfering with user activities), they can also be used in more advanced attack scenarios. For example: phishing or code injection.

Featured Windows APIs

• FindWindow User32.dll
• PostMessage User32.dll
• SendMessage User32.dll
• GetWindowThreadProcessId User32.dll
• TerminateProcess Kernel32.dll
• SetWindowLong User32.dll
• GetWindowLong User32.dll
• SetLayeredWindowAttributes User32.dll
• ShowWindow User32.dll
• SetWindowPos User32.dll
• SetWindowLongPtr User32.dll
• GetActiveWindow User32.dll

Associated Feature

Feature Name	Dangerousness	Key Categories
Application / Window Manager	Low	Spy / Surveillance, Disruption