Ransomware Example 2
[Figure legend: URL Connect, Create Socket, DNS Response, IP Connect, Server Connect, Process Start; URL, Socket, IP, IP Connections, Server Connections, Host, Process]
HOST: epmhyca5ol6plmx3.tor2web.blutmagie.de
vssadmin.exe (PID: 2644)
yyxxhtv.exe (PID: 1756)
IP: 198.41.214.185
IP: 194.150.168.74
HOST: epmhyca5ol6plmx3.tor2web.fi
cmd.exe (PID: 2068)
HOST: 7tno4hib47vlep5o.7hwr34n18.com
HOST: epmhyca5ol6plmx3.wh47f2as19.com
IP: 104.16.28.216
9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122.exe (PID: 1060)
9b462800f1bef019d7ec00098682d3ea7fc60e6721555f616399228e4e3ad122.exe (PID: 1380)
yyxxhtv.exe (PID: 2148)