Creation of an Valkyrie Indicator for Shell function calls

Deletes volume snapshots ( via shell commands > “%WINDIR%\System32\cmd.exe” /c vssadmin.exe Delete Shadows /All /Quiet")

As far as I know, valkyrie is based on cuckoos sandbox . So it should be possible to create a corresponding indicator for Valkyrie as well . In this way, it would be possible to recognize the types of ransomware using these function calls , or respectively create a general indicator for the execution of shell commands .