From 55d84345ac1e29472a3e24f12e74508bdd82e105 Mon Sep 17 00:00:00 2001
From: Wietze <wietze@users.noreply.github.com>
Date: Tue, 1 Oct 2024 23:45:18 +0100
Subject: [PATCH] Adding <version> placeholder to Vshadow

---
 yml/OtherMSBinaries/Vshadow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/yml/OtherMSBinaries/Vshadow.yml b/yml/OtherMSBinaries/Vshadow.yml
index 0412f78..4adf4ff 100644
--- a/yml/OtherMSBinaries/Vshadow.yml
+++ b/yml/OtherMSBinaries/Vshadow.yml
@@ -12,7 +12,7 @@ Commands:
     MitreID: T1127
     OperatingSystem: Windows 10, Windows 11
 Full_Path:
-  - Path: C:\Program Files (x86)\Windows Kits\10\bin\10.0.XXXXX.0\x64\vshadow.exe
+  - Path: C:\Program Files (x86)\Windows Kits\10\bin\<version>\x64\vshadow.exe
 Detection:
   - IOC: vshadow.exe usage with -exec parameter
 Resources: