Analysis of Shellbags is an extremely useful method of determining what file or folder actions have been taken on a host by a specific user.

What are Shellbags?

Shellbags are a set of registry keys that contain details about a user’s viewed folder, such as its size, position, and icon. This means that all directory traversal is tracked and maintained in the registry.

The shellbags provide timestamps, contextual information, and show the access of directories and other resources, potentially…

Taking a deeper look into Arucer.dll and uncovering what it does and how to use it.

Energizer Duo USB Battery Charger Trojan



Battery Powered Trojan — Part 1
Battery Powered Trojan — Part 2

After performing Basic Static and Basic Dynamic analysis on UsbCharger_setup_V1_1_1.exe and Arucer.dll, we uncovered that there was a…

Chris Eastwood

Incident Response, Forensic Investigations, and Threat Hunting professional, writing things to learn them better.
