Hiding Files And Directories With Attrib.exe
Attackers leverage an existing Windows binary, attrib.exe, to mark specific files as hidden by using specific flags so that the victim does not see them. The search looks for specific command-line arguments to detect the use of attrib.exe to hide files.
Hiding Files And Directories With Attrib.exe Help
This search looks for command-line execution of the attrib.exe binary with the +h flag set. The +h flag is used to hide a file.
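The check described above, as an added example that is not part of the original detection content: a Python function that applies the +h test to process command lines and returns the paths being hidden. The function names, the `host`/`cmdline` field names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed process-creation records for illustration; not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "cmdline": r'attrib.exe +h C:\Users\Public\notes.txt'},
    {"host": "ws02", "cmdline": r'"C:\Windows\System32\attrib.exe" +s +H "C:\ProgramData\my dir" /S /D'},
    {"host": "ws03", "cmdline": r'attrib -h C:\Users\Public\notes.txt'},   # un-hide
    {"host": "ws04", "cmdline": r'cmd.exe /c attrib +h C:\Temp\a.bin'},     # launched via cmd
    {"host": "ws05", "cmdline": r'attrib +r C:\docs\c+h.txt'},              # "+h" only in a name
    {"host": "ws06", "cmdline": r'notepad.exe C:\docs\readme.txt'},
]

TOKEN = re.compile(r'"[^"]*"|\S+')            # quoted strings or bare words
ATTR_SWITCH = re.compile(r'^[+-][A-Za-z]$')   # e.g. +h, -h, +s, +r


def hidden_by_attrib(cmdline):
    """Return the paths an attrib command line marks hidden, or None if +h is not set."""
    tokens = [t.strip('"') for t in TOKEN.findall(cmdline)]
    # Locate attrib itself, so "cmd.exe /c attrib ..." is handled as well.
    idx = next((i for i, t in enumerate(tokens)
                if ntpath.basename(t).lower() in ("attrib", "attrib.exe")), None)
    if idx is None:
        return None
    args = tokens[idx + 1:]
    # Match +h as a whole argument, case-insensitively; -h (un-hide) must not match.
    if not any(a.lower() == "+h" for a in args):
        return None
    # Anything that is neither an attribute switch nor a /option is a target path.
    return [a for a in args if not ATTR_SWITCH.match(a) and not a.startswith("/")]


def scan(events):
    """Return (host, targets) for every event whose command line hides something."""
    hits = []
    for ev in events:
        targets = hidden_by_attrib(ev["cmdline"])
        if targets is not None:
            hits.append((ev["host"], targets))
    return hits


if __name__ == "__main__":
    for host, targets in scan(SAMPLE_EVENTS):
        print(f"{host}: attrib.exe +h on {targets}")
```

Matching +h as a whole argument rather than as a substring keeps file names that merely contain "+h" from triggering the check.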