Play Ransomware ESXi Variant - Virtual Machine Shutdown Detection
Detects execution of ESXi-specific management binaries used by the Play ransomware ESXi variant to enumerate and forcibly power off virtual machines before encrypting VMDK files. This behavior is documented in the CISA StopRansomware advisory on Play ransomware targeting VMware ESXi infrastructure.
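
One way to express this detection, as an added example that is not part of the original rule: it correlates a VM enumeration command with stop commands against several distinct VMs on the same host within a short window. The command names (`vim-cmd`, `esxcli`), the log layout, the five-minute window and the three-VM threshold are assumptions, since the description above does not name them, and the log lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Assumed command patterns: the page does not name the binaries; these are the
# stock ESXi CLIs for listing VMs and for powering off / killing a VM.
ENUM = re.compile(r"\b(?:vim-cmd\s+vmsvc/getallvms|esxcli\s+vm\s+process\s+list)\b")
STOP = re.compile(r"\bvim-cmd\s+vmsvc/power\.off\s+(\d+)"
                  r"|\besxcli\s+vm\s+process\s+kill\b.*?(?:--world-id[= ]|-w\s*)(\d+)")
# Assumed layout: timestamp, host, shell[pid]: [user]: command
LINE = re.compile(r"^(\S+)\s+(\S+)\s+shell\[\d+\]:\s+\[([^\]]+)\]:\s+(.*)$")

# Constructed sample: esx01 shows the mass-shutdown pattern, esx02 routine admin work.
SAMPLE = """\
2025-01-10T02:14:01Z esx01 shell[2101]: [root]: vim-cmd vmsvc/getallvms
2025-01-10T02:14:03Z esx01 shell[2101]: [root]: vim-cmd vmsvc/power.off 12
2025-01-10T02:14:03Z esx01 shell[2101]: [root]: vim-cmd vmsvc/power.off 13
2025-01-10T02:14:04Z esx01 shell[2101]: [root]: esxcli vm process kill --type=force --world-id=88101
2025-01-10T02:14:05Z esx01 shell[2101]: [root]: vim-cmd vmsvc/power.off 12
2025-01-10T09:30:00Z esx02 shell[977]: [admin]: vim-cmd vmsvc/getallvms
2025-01-10T09:31:10Z esx02 shell[977]: [admin]: vim-cmd vmsvc/power.off 4
2025-01-10T11:00:00Z esx02 shell[977]: [admin]: vim-cmd vmsvc/power.off 5
"""

def detect(log_text, window=timedelta(minutes=5), min_vms=3):
    """Alert once per enumeration that is followed, within `window`,
    by stop commands against at least `min_vms` distinct VMs on one host."""
    state, alerts = {}, []   # state: host -> enumeration time, VM ids, fired flag
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a shell command record
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        host, user, cmd = m.group(2), m.group(3), m.group(4)
        if ENUM.search(cmd):
            state[host] = {"t": ts, "vms": set(), "fired": False}
            continue
        stop, st = STOP.search(cmd), state.get(host)
        if not stop or st is None or ts - st["t"] > window:
            continue
        st["vms"].add(stop.group(1) or stop.group(2))
        if len(st["vms"]) >= min_vms and not st["fired"]:
            st["fired"] = True
            alerts.append({"host": host, "user": user, "enumerated": st["t"],
                           "vms": sorted(st["vms"])})
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Counting distinct VM identifiers rather than raw command count keeps a single VM being stopped repeatedly, or one planned shutdown after an inventory listing, below the threshold.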