Hidden Files
Defense Evasion, Persistence
Hiding the file mantvydas.sdb using a native windows binary:
Note how powershell (or cmd) says the file does not exist, however you can type out its contents if you know the file exists:

Note, that
dir /a:h
(attribute: hidden) reveals files with a "hidden" attribute set:
As usual, monitoring commandline arguments may be a good idea if you want to identify these events:

Last modified 4yr ago