Description
Captures a screenshot of the desktop or active window.
Overview
This cmdlet leverages GetDesktopWindow or GetForegroundWindow to get a handle to the target window. It the uses the ImageCodecInfo to encode the file as .jpg using the specified compression level. It then exfiltrates the file over the C2 channel where it is stored in the Artifacts collection. You may have to inject into explorer.exe to be able to capture screenshots.
Arguments
| Parameter | Type | Description |
|---|---|---|
| Type | string | The target window to capture. |
| CompressionLevel | int | The compression level on a scal from 1 to 100 where 100 is the least compression. |
Inputs
Type: The target window to capture.
CompressionLevel: The compression level on a scal from 1 to 100 where 100 is the least compression.
Example Output
Filename Size
-------- ----
screenshot-2023-12-09-12-59-41.jpg 191202