Fixed att&ck, deleted commandline key "exec" (does not works without interactive mode so there is no commandline appear)

rules/windows/process_creation/win_susp_diskshadow.yml

@@ -1,13 +1,12 @@
-title: Diskshadow.exe Execution
+title: Execution via Diskshadow.exe 
 id: 0c2f8629-7129-4a8a-9897-7e0768f13ff2
 status: experimental
 description: Detects using Diskshadow.exe to dump NTDS.dit or execute arbitrary code
 references:
     - https://bohops.com/2018/03/26/diskshadow-the-return-of-vss-evasion-persistence-and-active-directory-database-extraction/
 tags:
-    - attack.credential_access
     - attack.execution
-    - attack.t1003     
+    - attack.t1218     
 author: Ivan Dyachkov, oscd.community
 date: 2020/10/07  
 logsource:                      
@@ -19,7 +18,6 @@ detection:
             Image: 'c:\windows\system32\diskshadow.exe'
             CommandLine|contains:
                 - '/s'
-                - 'exec' 
     condition: selection
 fields:
     - CommandLine