diff --git a/atomics/Indexes/index.yaml b/atomics/Indexes/index.yaml index 853098d0..ed3cde00 100644 --- a/atomics/Indexes/index.yaml +++ b/atomics/Indexes/index.yaml @@ -4297,9 +4297,9 @@ credential-access: drive_letter: description: Drive letter to source VSC (including colon) type: String - default: 'C:' + default: C:\ executor: - command: "(gwmi -list win32_shadowcopy).Create(#{drive_letter},'ClientAccessible')\n" + command: "(gwmi -list win32_shadowcopy).Create('#{drive_letter}','ClientAccessible')\n" name: powershell elevation_required: true - name: Create Symlink to Volume Shadow Copy diff --git a/atomics/T1003.003/T1003.003.md b/atomics/T1003.003/T1003.003.md index e216fd17..538f34a2 100644 --- a/atomics/T1003.003/T1003.003.md +++ b/atomics/T1003.003/T1003.003.md @@ -323,14 +323,14 @@ The Active Directory database NTDS.dit may be dumped by copying it from a Volume #### Inputs: | Name | Description | Type | Default Value | |------|-------------|------|---------------| -| drive_letter | Drive letter to source VSC (including colon) | String | C:| +| drive_letter | Drive letter to source VSC (including colon) | String | C:\| #### Attack Commands: Run with `powershell`! Elevation Required (e.g. root or admin) ```powershell -(gwmi -list win32_shadowcopy).Create(#{drive_letter},'ClientAccessible') +(gwmi -list win32_shadowcopy).Create('#{drive_letter}','ClientAccessible') ```
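Review bot: In the atomics/Indexes/index.yaml hunk, the drive_letter description still reads "Drive letter to source VSC (including colon)" while the default changes from 'C:' to C:\, so the documented input format no longer matches the default. Update the description to mention the trailing backslash, so that a user who overrides the argument with a value like D: as the description suggests passes the same form as the default. The new default is also left unquoted where the old one was single-quoted; writing it as 'C:\' keeps the value unambiguous to anyone reading or editing the YAML. Since the command now wraps #{drive_letter} in single quotes, it is worth noting in the description that the value must not contain a quote itself.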
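Review bot: In the atomics/T1003.003/T1003.003.md hunk, the new Inputs row ends in C:\| with no space before the closing pipe, and in a GitHub-flavoured Markdown table \| is an escaped pipe, so the Default Value cell renders as "C:|" and the backslash is lost. Add a space before the closing pipe or write the default as C:\\ so the rendered value matches the C:\ set in index.yaml. The Description cell in the same row keeps the "(including colon)" wording and should be updated along with the default.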