Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'RansomHorse2' = '<PATH_SAMPLE>.vbs'
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe
- '<SYSTEM32>\taskkill.exe' /F /IM sethc.exe
- '<SYSTEM32>\taskkill.exe' /F /IM Taskmgr.exe
- %WINDIR%\explorer.exe
- ClassName: '' WindowName: ''
- '<SYSTEM32>\taskkill.exe' /F /IM explorer.exe (with hidden window)
- '<SYSTEM32>\taskkill.exe' /F /IM sethc.exe (with hidden window)
- '<SYSTEM32>\taskkill.exe' /F /IM Taskmgr.exe (with hidden window)