Let's look at another example, this time with the Hidden Tear ransomware. Consider a scenario where Hidden Tear has locked files on a Windows 10 system, and the situation is pretty bad, as shown in the following screenshot:
![](/api/v2/epubs/9781789344523/files/assets/2eeafe51-67dd-4c98-bec0-22ef11477a5e.png)
It looks like the files are encrypted. Let's try opening a file as follows:
![](/api/v2/epubs/9781789344523/files/assets/6e411ddb-3827-4e70-bf9e-c7933eb83da3.png)
Yes, the contents of the file are encrypted. Luckily for us, we have a PCAP with a full capture of the data. Let's start our analysis:
We can see we have a fairly large PCAP file, containing a good amount of HTTP data. ...