The sequence and method of command execution are the same, though RansomHub now uses cmd.exe for execution.

However, although the two malware families share origins, it is unlikely that the authors of Knight are now operating RansomHub.