https://hexpysya.github.io/tags/endpoint-forensic/Recent content in Endpoint Forensic on bubka hacks stuffHugo -- gohugo.ioen-usMon, 30 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-ramnit/Mon, 30 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-ramnit/Memory forensics of a compromised Windows host revealed ChromeSetup.exe spawned under explorer.exe, establishing a C2 connection to a Hong Kong-based IP. The dumped binary was identified as the Ramnit worm - flagged by 68/72 VirusTotal vendors.