Diskshadow Script Mode - Uncommon Script Extension Execution (1dde5376-a648-492e-9e54-4241dd9b0c7f)
Detects execution of "Diskshadow.exe" in script mode to execute an script with a potentially uncommon extension. Initial baselining of the allowed extension list is required.