03 : /Privilege-escalation Windows#

~/ cat Diskshadow.exe.md

Diskshadow.exe is a tool that exposes the functionality offered by the Volume Shadow Copy Service (VSS).

Paths:

C:\Windows\System32\diskshadow.exe
C:\Windows\SysWOW64\diskshadow.exe

Detection:

Child process from diskshadow.exe
Diskshadow reading input from file

Dump

Execute commands using diskshadow.exe from a prepared diskshadow script.

diskshadow.exe /s c:\test\diskshadow.txt

Execute

Execute commands using diskshadow.exe to spawn a child process.

diskshadow> exec calc.exe
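
The two detections listed above, applied to process-creation telemetry, as an added example that is not part of the original page. The field names follow Sysmon Event ID 1 conventions; the sample events, the function names and the matching of a `-s` spelling alongside `/s` are assumptions made here.

```python
import ntpath
import re

# "/s <file>" or "-s <file>" as its own token, case-insensitive (assumed spellings).
SCRIPT_FLAG = re.compile(r'(?:^|\s)[/-]s\s+("[^"]+"|\S+)', re.IGNORECASE)

# Constructed process-creation events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\diskshadow.exe",
     "CommandLine": r"diskshadow.exe /s c:\test\diskshadow.txt",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\calc.exe",
     "CommandLine": "calc.exe",
     "ParentImage": r"C:\Windows\System32\diskshadow.exe"},
    {"Image": r"C:\Windows\SysWOW64\diskshadow.exe",
     "CommandLine": r'"C:\Windows\SysWOW64\diskshadow.exe" -S "C:\test\a.txt"',
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Windows\System32\diskshadow.exe",
     "CommandLine": "diskshadow.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
]

def is_diskshadow(path):
    """True if the file name is diskshadow.exe, in any directory and any case."""
    return ntpath.basename(path or "").lower() == "diskshadow.exe"

def classify(event):
    """Return the detection labels that apply to one process-creation event."""
    hits = []
    # Detection 1: any process whose parent is diskshadow.exe (the exec case).
    if is_diskshadow(event.get("ParentImage")):
        hits.append("child_of_diskshadow")
    # Detection 2: diskshadow.exe started with a script file as input.
    if is_diskshadow(event.get("Image")):
        m = SCRIPT_FLAG.search(event.get("CommandLine", ""))
        if m:
            hits.append("script_mode:" + m.group(1).strip('"'))
    return hits

def scan(events):
    """Return (index, labels) for every event that matched at least one detection."""
    return [(i, h) for i, e in enumerate(events) if (h := classify(e))]

if __name__ == "__main__":
    for index, labels in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index]["CommandLine"], labels)
```

An interactive diskshadow.exe session (the fourth sample event) does not match on its own; a command run with exec from that session appears as a separate child-process event and matches the first detection.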