resize volume shadow copy storage

# generated using capa explorer for IDA Pro
rule:
  meta:
    name: resize volume shadow copy storage
    namespace: impact/inhibit-system-recovery
    authors:
      - michael.hunhoff@mandiant.com
    scopes:
      static: basic block
      dynamic: call
  features:
    - and:
      - match: interact with driver via IOCTL
      - number: 0x53C028 = IOCTL_VOLSNAP_SET_MAX_DIFF_AREA_SIZE