
More JumpList AppIds - I'll also add to wiki

  • Rob Lee
    Message 1 of 19 , Aug 23, 2011
      AppID             Application
      271e609288e1210a  Access 2010
      23646679aaccfae0  Adobe Reader 9.***
      9839aec31243a928  Excel 2010
      5c450709f7ae4396  Firefox
      b8c29862d9f95832  InfoPath 2010
      5da8f997fd5f9428  Internet Explorer
      28c8b86deab549a1  Internet Explorer 8
      b91050d8b077a4e8  Media Center
      918e0ecb43d17e23  Notepad
      9b9cdc69c1c24e2b  Notepad
      3094cdb43bf5e9c2  OneNote 2010
      be71009ff8bb02a2  Outlook
      c7a4093872176c74  Paint Shop Pro
      f5ac5390b9115fdb  PowerPoint 2007
      9c7cc110ff56d1bd  PowerPoint 2010
      1bc392b8e104a00e  Remote Desktop
      1b4dd67f29cb1962  Windows Explorer
      d7528034b5bd6f28  Windows Live Mail
      b91050d8b077a4e8  Windows Media Center
      74d7f43c1561fc1e  Windows Media Player
      2.91E+82          WinRar
      b74736c2bd8cc8a5  WinZip
      a8c43ef36da523b1  Word 2003
      adecfb853d77462a  Word 2007
      a7bd71699cd38d1c  Word 2010
      e36bfc8972e5ab1d  XPS Viewer
      2b53c4ddf69195fc  Zune
    • Rob Lee
      Message 2 of 19 , Aug 23, 2011
        290532160612e071 is WinRAR not what is listed below

        ______________________________________________________________________________________________



        From: Rob Lee <rob_t_lee@...>
        To: "win4n6@yahoogroups.com" <win4n6@yahoogroups.com>
        Sent: Tuesday, August 23, 2011 11:50 PM
        Subject: [win4n6] More JumpList AppIds - Ill also add to wiki

         
        AppID             Application
        271e609288e1210a  Access 2010
        23646679aaccfae0  Adobe Reader 9.***
        9839aec31243a928  Excel 2010
        5c450709f7ae4396  Firefox
        b8c29862d9f95832  InfoPath 2010
        5da8f997fd5f9428  Internet Explorer
        28c8b86deab549a1  Internet Explorer 8
        b91050d8b077a4e8  Media Center
        918e0ecb43d17e23  Notepad
        9b9cdc69c1c24e2b  Notepad
        3094cdb43bf5e9c2  OneNote 2010
        be71009ff8bb02a2  Outlook
        c7a4093872176c74  Paint Shop Pro
        f5ac5390b9115fdb  PowerPoint 2007
        9c7cc110ff56d1bd  PowerPoint 2010
        1bc392b8e104a00e  Remote Desktop
        1b4dd67f29cb1962  Windows Explorer
        d7528034b5bd6f28  Windows Live Mail
        b91050d8b077a4e8  Windows Media Center
        74d7f43c1561fc1e  Windows Media Player
        2.91E+82          WinRar
        b74736c2bd8cc8a5  WinZip
        a8c43ef36da523b1  Word 2003
        adecfb853d77462a  Word 2007
        a7bd71699cd38d1c  Word 2010
        e36bfc8972e5ab1d  XPS Viewer
        2b53c4ddf69195fc  Zune


      • dan_4n6k
        Message 3 of 19 , Sep 7, 2011
          I've spent some time compiling a larger list focusing upon browsers, utilities, image viewers, and media players. You can check them out below. I apologize if the formatting is weird -- I encourage you to take a look at my original blog post (found here: http://goo.gl/Tp5MH); it has more information on Jump Lists and provides organized tables for the AppIDs. I'm currently working on putting together another post regarding file-sharing, communications, and file-transfer client AppIDs. If anyone finds any problems with the list below, PLEASE let me know so that I can fix and test. I'll be adding these to the ForensicsWiki soon. Thanks to Jesse for creating that page and Harlan for getting me into this. Of course, everyone's contributions are greatly appreciated.

          Internet Browsers

          5d696d521de238c3 Chrome 9.0.597.84 / 12.0.742.100 / 13.0.785.215
          cfb56c56fa0f0a54 Mozilla 0.9.9
          5c450709f7ae4396 Firefox 1.0 / 2.0 / 3.0
          5df4765359170e26 Firefox 4.0.1
          1eb796d87c32eff9 Firefox 5.0
          1461132e553e2e6c Firefox 6.0
          28c8b86deab549a1 Internet Explorer 8 / 9
          16ec093b8f51508f Opera 8.54 build 7730 / 9.64 build 10487 / 11.50 build 1074
          8a1c1c7c389a5320 Safari 3.2.3 (525.29)
          1da3c90a72bf5527 Safari 4.0.5 (531.22.7) / 5.1 (7534.50)

          Utilities

          3dc02b55e44d6697 7-Zip 3.13 / 4.20
          4975d6798a8bdf66 7-Zip 4.65 / 9.20
          4b6925efc53a3c08 BCWipe 5.02.2 Task Manager 3.02.3
          337ed59af273c758 Sticky Notes
          290532160612e071 WinRAR 2.90 / 3.60 / 4.01
          c9950c443027c765 WinZip 9.0 SR-1 (6224) / 10.0 (6667)
          b74736c2bd8cc8a5 WinZip 15.5 (9468)
          bc0c37e84e063727 Windows Command Processor - cmd.exe (32-bit)

          Image/Document Viewers

          f0468ce1ae57883d Adobe Reader 7.1.0
          c2d349a0e756411b Adobe Reader 8.1.2
          23646679aaccfae0 Adobe Acrobat 9.4.0
          ee462c3b81abb6f6 Adobe Reader X 10.1.0
          386a2f6aa7967f36 EyeBrowse 2.7
          e31a6a8a7506f733 Image AXS Pro 4.1
          b39c5f226977725d ACDSee Pro 8.1.99
          59f56184c796cfd4 ACDSee Photo Manager 10 (Build 219)
          8bd5c6433ca967e9 ACDSee Photo Manager 2009 (v11.0 Build 113)
          d838aac097abece7 ACDSee Photo Manager 12 (Build 344)
          b3f13480c2785ae Paint 6.1 (build 7601: SP1)
          7cb0735d45243070 CDisplay 1.8.1.0
          3594aab44bca414b Windows Photo Viewer
          3edf100b207e2199 digiKam 1.7.0 (KDE 4.4.4)
          169b3be0bc43d592 FastPictureViewer Professional 1.6 (Build 211)
          e9a39dfba105ea23 FastStone Image Viewer 4.6
          edc786643819316c HoneyView3 #5834
          76689ff502a1fd9e Imagine Image and Animation Viewer 1.0.7
          2519133d6d830f7e IMatch 3.6.0.113
          1110d9896dceddb3 imgSeek 0.8.5
          c634153e7f5fce9c IrfanView 3.10 / 4.30
          ea83017cdd24374d IrfanView Thumbnails
          3917dd550d7df9a8 Konvertor 4.06 (Build 10)
          2fa14c7753239e4c Paint.NET 2.72 / 3.5.8.4081.24580
          d33ecf70f0b74a77 Picasa 2.2.0 (Build 28.08, 0)
          b17d3d0c9ca7e29 Picasa 3.8.0 (Build 117.43, 0)
          Embedded in IE Prizm Viewer
          depends on Location Scientific and Technical Document Viewer 1.6.2 Portable (STDU)
          c5c24a503b1727df XnView 1.98.2 Small / 1.98.2 Standard
          497b42680f564128 Zoner PhotoStudio 13 (Build 7)

          Media Players

          d22ad6d9d20e6857 ALLPlayer 4.7
          7494a606a9eef18e Crystal Player 1.98
          1cffbe973a437c74 DSPlayer 0.889 Lite
          817bb211c92fd254 GOM Player 2.0.12.3375 / 2.1.28.5039
          6bc3383cb68a3e37 iTunes 7.6.0.29 / 8.0.0.35
          83b03b46dcd30a0e iTunes 9.0.0.70 / 9.2.1.5 / 10.4.1.10 (begin custom 'Tasks' JL capability)
          fe5e840511621941 JetAudio 5.1.9.3018 Basic / 6.2.5.8220 Basic / 7.0.0 Basic / 8.0.16.2000 Basic
          a777ad264b54abab JetVideo 8.0.2.200 Basic
          3c93a049a30e25e6 J. River Media Center 16.0.149
          4a49906d074a3ad3 Media Go 1.8 (Build 121)
          1cf97c38a5881255 MediaPortal 1.1.3
          Depends on location Media Player Classic 6.4.8.9 (is portable)
          Depends on location Media Player Classic - Home Cinema 1.5.2.3456 (default install is /Users/ dir)
          62bff50b969c2575 Quintessential Media Player 5.0 (Build 121) - also usage stats (times used, tracks played, total time used)
          b50ee40805bd280f QuickTime Alternative 1.9.5 (Media Player Classic 6.4.9.1)
          ae3f2acd395b622e QuickTime Player 6.5.1 / 7.0.3 / 7.5.5 (Build 249.13)
          7593af37134fd767 RealPlayer 6.0.6.99 / 7 / 8 / 10.5
          37392221756de927 RealPlayer SP 12
          f92e607f9de02413 RealPlayer 14.0.6.666
          6e9d40a4c63bb562 Real Player Alternative 1.25 (Media Player Classic 6.4.8.2 / 6.4.9.0)
          c91d08dcfc39a506 SM Player 0.6.9 r3447
          e40cb5a291ad1a5b Songbird 1.9.3 (Build 1959)
          4d8bdacf5265a04f The KMPlayer 2.9.4.1434
          4acae695c73a28c7 VLC 0.3.0 / 0.4.6
          9fda41b86ddcf1db VLC 0.5.3 / 0.8.6i / 0.9.7 / 1.1.11
          e6ee34ac9913c0a9 VLC 0.6.2
          cbeb786f0132005d VLC 0.7.2
          f674c3a77cfe39d0 Winamp 2.95 / 5.1 / 5.621
          90e5e8b21d7e7924 Winamp 3.0d (Build 488)
          74d7f43c1561fc1e Windows Media Player 12.0.7601.17514

          Hope this is of use to some people.

          Regards,

          -Dan (@4n6k)


          --- In win4n6@yahoogroups.com, "Troy" <ntevidence@...> wrote:
          >
          > That corresponds to what I have found. Application removal does not remove
          > the Jumplist.
          >
          >
          >
          > From: win4n6@yahoogroups.com [mailto:win4n6@yahoogroups.com] On Behalf Of
          > keydet89
          > Sent: Tuesday, August 23, 2011 6:01 AM
          > To: win4n6@yahoogroups.com
          > Subject: [win4n6] Re: JumpList AppIds
          >
          >
          >
          >
          >
          > Something interesting that I found is that the iTunes Jump List was not
          > deleted when I uninstalled the application.
          >
          > --- In win4n6@yahoogroups.com <mailto:win4n6%40yahoogroups.com> , "keydet89"
          > <keydet89@> wrote:
          > >
          > > 17d3eb086439f0d7 TrueCrypt 7.0a
          > > adecfb853d77462a MSWord 2007
          > > c71ef2c372d322d7 PGP Desktop 10
          > > cdf30b95c55fd785 MSExcel 2007
          > > f5ac5390b9115fdb MSPowerPoint 2007
          > >
          > > 12dc1ea8e34b5a6 MSPaint 6.1
          > > 431a5b43435cc60b Python (.pyc)
          > > 469e4a7982cea4d4 ? (.job)
          > > 500b8c1d5302fc9c (.pyw)
          > > 50620fe75ee0093 VMWare Player 3.1.4
          > > 65009083bfa6a094 (app launched via XPMode)
          > > 7e4dca80246863e3 Control Panel (?)
          > > 83b03b46dcd30a0e iTunes 10
          > > b0459de4674aab56 (.vmcx)
          > >
          >
        • Stefan Kelm
          Message 4 of 19 , Sep 8, 2011
            > Hope this is of use to some people.

            Thanks, Dan, it certainly is.

            Cheers,

            Stefan.

            --
            Stefan Kelm <skelm@...>
            BFK edv-consulting GmbH http://www.bfk.de/
            Kriegsstrasse 100 Tel: +49-721-96201-1
            D-76133 Karlsruhe Fax: +49-721-96201-99
          • Weg, Jimmy
            Message 5 of 19 , Sep 14, 2011
              ________________________________________
              From: win4n6@yahoogroups.com [win4n6@yahoogroups.com] on behalf of keydet89 [keydet89@...]
              Sent: Tuesday, August 23, 2011 5:05 AM
              To: win4n6@yahoogroups.com
              Subject: [win4n6] Re: JumpList AppIds

              Great stuff, Troy...thanks for sharing.

              I think it's important to point out that the information available in the various streams of a Jump List isn't necessarily uniform across all applications. I think Jimmy found this out...while the structure is pretty consistent, what's available isn't.

              For example, the Remote Desktop Client contains an identifier string in the DestList stream for each numbered stream, which by itself appears to be pretty useless. However, the LNK stream contains a command line entry, so correlating the DestList stream entry to the numbered stream gives you the command run along with when it was run.

              I've got another AppID that I'm tracing down, for which the numbered stream doesn't contain any embedded MAC times, as the LNK stream doesn't point to a file.

              I'm going to try to add to this list, Troy...thanks.
            • 4n6k.Dan
              Message 6 of 19 , Sep 15, 2011
                Hey everyone,

                I've compiled a few more AppID lists. This time around, the focus was on p2p, FTP, IRC, IM, Usenet, and even a few system cleaners. I've replicated the lists below. And of course, if you'd like to get the full story along with some Jump List analysis, you can take a look at the Jump List Forensics: AppIDs Part 2 post on my blog. Just as last time, I'll be adding them to the ForensicsWiki soon. 

                Regards,

                -Dan (@4n6k)

                File Sharing/P2P
                e0f7a40340179171 imule 1.4.5 (rev. 749)
                installs to .exe loc AirDC++ 2.10
                76f6f1bd18c19698 aMule 2.2.6
                cb5250eaef7e3213 ApexDC++ 1.4.3.957
                bfc1d76f16fa778f Ares (Galaxy) 1.8.4 / 1.9.8 / 2.1.0 / 2.1.7.3041
                (portable) Azureus 0.9.0 (portable)
                accca100973ef8dc Azureus 2.0.8.4
                ccb36ff8a8c03b4b Azureus 2.5.0.4 / Vuze 3.0.5.0
                558c5bd9f906860a BearShare Lite 5.2.5.1
                e1d47cb031dafb9f BearShare 6.0.0.22717 / 8.1.0.70928 / 10.0.0.112380
                (portable) BitComet 0.39 (portable)
                a31ec95fdd5f350f BitComet 0.49 / 0.59 / 0.69 / 0.79 / 0.89 / 0.99 / 1.07 / 1.28
                bcd7ba75303acbcf BitLord 1.1
                1434d6d62d64857d BitLord 1.2.0-66
                e73d9f534ed5618a BitSpirit 1.2.0.228 / 2.0 / 2.6.3.168 / 2.7.2.239 / 2.8.0.072 / 3.1.0.077 / 3.6.0.550
                c9374251edb4c1a8 BitTornado T-0.3.17
                2d61cccb4338dfc8 BitTorrent 5.0.0 / 6.0.0 / 7.2.1 (Build 25548)
                ba3a45f7fd2583e1 Blubster 3.1.1
                4a7e4f6a181d3d08 broolzShare
                f001ea668c0aa916 Cabos 0.8.2
                (portable) CzDC 0.699 (portable)
                (portable) Datawire 1.3 (portable)
                (portable) DC++ 0.181 (portable)
                560d789a6a42ad5a DC++ 0.261 / 0.698 / 0.782 (r2402.1)
                4aa2a5710da3efe0 DCSharpHub 2.0.0
                2db8e25112ab4453 Deluge 1.3.3
                5b186fc4a0b40504 Dtella 1.2.5 (Purdue network only)
                2437d4d14b056114 EiskaltDC++ 2.2.3
                b3016b8da2077262 eMule 0.50a
                cbbe886eca4bfc2d ExoSee 1.0.0
                9ad1ec169bf2da7f FlylinkDC++ r405 (Build 7358)
                4dd48f858b1a6ba7 Free Download Manager 3.0 (Build 852)
                (portable) Freenet (default install dir is C:\Users\$user\...)
                (portable) Frost 2011-03-05 (portable)
                f214ca2dd40c59c1 FrostWire 4.20.9
                73ce3745a843c0a4 FrostWire 5.1.4
                98b0ef1c84088 fulDC 6.78
                e6ea77a1d4553872 Gnucleus 1.8.6.0
                ed49e1e6ccdba2f5 GNUnet 0.8.1a
                cc4b36fbfb69a757 gtk-gnutella 0.97
                a746f9625f7695e8 HeXHub 5.07
                223bf0f360c6fea5 I2P 0.8.8 (restartable)
                2ff9dc8fb7e11f39 I2P 0.8.8 (no window)
                ???????????????? [i2p] i2phex 3.2.0.103.0
                f1a4c04eebef2906 [i2p] Robert 0.0.29 Preferences
                ???????????????? [i2p] Rufus 0.0.4
                c8e4c10e5460b00c iMesh 6.5.0.16898
                f61b65550a84027e iMesh 11.0.0.112351
                d460280b17628695 Java Binary
                (portable) Jucy DC 0.85.0.201008281346 (portable)
                784182360de0c5b6 Kazaa Lite 1.7.1
                a75b276f6e72cf2a Kazaa Lite Tools K++ 2.7.0
                ba132e702c0147ef KCeasy 0.19-rc1
                a8df13a46d66f6b5 Kommute (Calypso) 0.24
                (portable) LamaHub 0.0.5.5 (portable)
                c5ef839d8d1c76f4 LimeWire 5.2.13
                977a5d147aa093f4 Lphant 3.51
                96252daff039437a Lphant 7.0.0.112351
                e76a4ef13fbf2bb1 Manolito 3.1.1
                99c15cf3e6d52b61 mldonkey 3.1.0
                ff224628f0e8103c Morpheus 3.0.3.6
                (portable) MUTE File Sharing 0.5.1 (portable)
                See Java Binary Nodezilla Agent 0.5.15 - built in Java
                (portable) Perfect Dark 0.883 / 0.940 / 1.06 / 1.07 (all portable)
                See Java Binary Phex 3.4.2 (Build 116) - built in Java
                792699a1373f1386 Piolet 3.1.1
                ca1eb46544793057 RetroShare 0.5.2a (Build 4550)
                3cf13d83b0bd3867 RevConnect 0.674p (based on DC++)
                (portable) PtokaX DC Hub 0.4.1.2 (portable)
                (portable) RSX++ 1.21 (portable)
                5e01ecaf82f7d8e Scour Exchange 0.0.0.228
                (portable) StrongDC++ 2.42 (portable)
                (portable) TkDC++ 1.3 (portable)
                5d7b4175afdcc260 Shareaza 2.0.0.0
                b48ce76eda60b97 Shareaza 8.0.0.112300
                23f08dab0f6aaf30 SoMud 1.3.3
                135df2a440abe9bb SoulSeek 156c
                ecd21b58c2f65a2f StealthNet 0.8.7.9
                5ea2a50c7979fbdc TrustyFiles 3.1.0.22
                (portable) uTorrent 1.1.1-dev (Build 110) / 1.3.0 / 1.5.0 (all portable)
                cd8cafb0fb6afdab uTorrent 1.7.7 (Build 8179) / 1.8.5 / 2.0 / 2.21 (Build 25113) / 3.0 (Build 25583)
                a75b276f6e72cf2a WinMX 3.53
                490c000889535727 WinMX 4.9.3.0
                (portable) Winny 2.0b7.1 - all languages (portable)
                (portable) xHub 0.2.6.7 (portable)
                (portable) YnHub 1.036.152 (portable)
                ac3a63b839ac9d3a Vuze 4.6.0.4

                FTP

                d28ee773b2cea9b2 3D-FTP 9.0 build 7
                cd2acd4089508507 AbsoluteTelnet 9.18 Lite
                e6ef42224b845020 ALFTP 5.20.0.4
                9e0b3f677a26bbc4 BitKinex 3.2.3
                4cdf7858c6673f4b Bullet Proof FTP 1.26
                714b179e552596df Bullet Proof FTP 2.4.0 (Build 31)
                20ef367747c22564 Bullet Proof FTP 2010.75.0.75
                44a50e6c87bc012 Classic FTP Plus 2.15
                4fceec8e021ac978 CoffeeCup Free FTP 3.5.0.0
                8deb27dfa31c5c2a CoffeeCup Free FTP 4.4 (Build 1904)
                49b5edbd92d8cd58 FTP Commander 8.02
                6a316aa67a46820b Core FTP LE 1.3c (Build 1437) / 2.2 (Build 1689)
                be4875bb3e0c158f CrossFTP 1.75a
                c04f69101c131440 CuteFTP 5.0 (Build 50.6.10.2)
                a79a7ce3c45d781 CuteFTP 7.1 (Build 06.06.2005.1)
                59e86071b87ac1c3 CuteFTP 8.3 (Build 8.3.4.0007)
                d8081f151f4bd8a5 CuteFTP 8.3 Lite (Build 8.3.4.0007)
                3198e37206f28dc7 CuteFTP 8.3 Professional (Build 8.3.4.0007)
                f82607a219af2999 Cyberduck 4.1.2 (Build 8999)
                fa7144034d7d083d Directory Opus 10.0.2.0.4269 (JL tasks supported)
                f91fd0c57c4fe449 ExpanDrive 2.1.0
                8f852307189803b8 Far Manager 2.0.1807
                226400522157fe8b FileZilla Server 0.9.39 beta
                a1d19afe5a80f80 FileZilla 2.2.32
                e107946bb682ce47 FileZilla 3.5.1
                b7cb1d1c1991accf FlashFXP 4.0.0 (Build 1548)
                8628e76fd9020e81 Fling File Transfer Plus 2.24
                27da120d7e75cf1f pbFTPClient 6.1
                f64de962764b9b0f FTPRush 1.1.3 / 2.15
                10f5a20c21466e85 FTP Voyager 15.2.0.17
                7937df3c65790919 FTP Explorer 10.5.19 (Build 001)
                9560577fd87cf573 LeechFTP 1.3 (Build 207)
                fc999f29bc5c3560 Robo-FTP 3.7.9
                c99ddde925d26df3 Robo-FTP 3.7.9 CronMaker
                4b632cf2ceceac35 Robo-FTP Server 3.2.5
                3a5148bf2288a434 Secure FTP 2.6.1 (Build 20101209.1254)
                435a2f986b404eb7 SmartFTP 4.0.1214.0
                explorer integrated Swish
                e42a8e0f4d9b8dcf Sysax FTP Automation 5.15
                b8c13a5dd8c455a2 Titan FTP Server 8.40 (Build 1338)
                7904145af324576e Total Commander 7.56a (Build 16.12.2010)
                79370f660ab51725 UploadFTP 2.0.1.0
                6a8b377d0f5cb666 WinSCP 2.3.0 (Build 146)
                9a3bdae86d5576ee WinSCP 3.2.1 (Build 174) / 3.8.0 (Build 312)
                6bb54d82fa42128d WinSCP 4.3.4 (Build 1428)
                b6267f3fcb700b60 WiseFTP 4.1.0
                a581b8002a6eb671 WiseFTP 5.5.9
                2544ff74641b639d WiseFTP 6.1.5
                c54b96f328bdc28d WiseFTP 7.3.0
                Web-based WS_FTP

                IM/Communications

                b3965c840bf28ef4 AIM 4.8.2616
                1b29f0dc90366bb AIM 5.9.3857
                27ececd8d89b6767 AIM 6.2.14.2 / 6.5.3.12 / 6.9.17.2
                6f647f9488d7a AIM 7.5.11.9 (custom AppID + JL support)
                ca942805559495e9 aMSN 0.98.4
                c6f7b5bf1b9675e4 BitWise IM 1.7.3a
                fb1f39d1f230480a Bopup Messenger 5.6.2.9178 (all languages: en;du;fr;ger;rus;es)
                dc64de6c91c18300 Brosix Communicator 3.1.3 (Build 110719 nid 1)
                f09b920bfb781142 Camfrog 4.0.47 / 5.5.0 / 6.1 (build 146) (JL support)
                ebd8c95d87f25154 Carrier 2.5.5
                (portable) Coccinella Messenger 0.96.20 (portable)
                30d23723bdd5d908 Digsby (Build 30140) (JL support)
                728008617bc3e34b eM Client 3.0.10206.0
                689319b6547cda85 emesene 2.11.7
                454ef7dca3bb16b2 Exodus 0.10.0.0
                cca6383a507bac64 Gadu-Gadu 10.5.2.13164
                4278d3dc044fc88a Gaim 1.5.0
                777483d3cdac1727 Gajim 0.14.4
                6aa18a60024620ae GCN 2.9.1
                3f2cd46691bbee90 GOIM 1.1.0
                73c6a317412687c2 Google Talk 1.0.0.104
                b0236d03c0627ac4 ICQ 5.1 / ICQLite Build 1068
                a5db18f617e28a51 ICQ 6.5 (Build 2024)
                2417caa1f2a881d4 ICQ 7.6 (Build 5617)
                recognized VM inSpeak 7.2.0.540
                989d7545c2b2e7b2 IMVU 465.8.0.0
                a3e0d98f5653b539 Instantbird 1.0 (20110623121653) (JL support)
                bcc705f705d8132b Instan-t 5.2 (Build 2824)
                6059df4b02360af Kadu 0.10.0 / 0.6.5.5
                c312e260e424ae76 Mail.Ru Agent 5.8 (JL support)
                22cefa022402327d Meca Messenger 5.3.0.52
                (portable) Mercury Messenger (portable)
                86b804f7a28a3c17 Miranda IM 0.6.8 / 0.7.6 / 0.8.27 / 0.9.9 / 0.9.29 (ANSI + Unicode)
                b868d9201b866d96 Microsoft Lync 4.0.7577.0
                8c816c711d66a6b5 MSN Messenger 6.2.0137 / 7.0.0820
                (portable) MSNPSharp (portable)
                2d1658d5dc3cbe2d MySpaceIM 1.0.823.0 Beta
                bf9ae1f46bd9c491 Nimbuzz 2.0.0 (rev 6266)
                fb7ca8059b8f2123 ooVoo 3.0.7.21
                efb08d4e11e21ece Paltalk Messenger 10.0 (Build 409)
                4f24a7b84a7de5a6 Palringo 2.6.3 (r45983)
                e93dbdcede8623f2 Pandion 2.6.106
                aedd2de3901a77f4 Pidgin 2.0.0 / 2.10.0 / 2.7.3
                c5236fd5824c9545 PLAYXPERT 1.0.140.2822
                dee18f19c7e3a2ec PopNote 5.21
                1a60b1067913516a Psi 0.14
                e0532b20aa26a0c9 QQ International 1.1 (2042)
                3c0022d9de573095 QuteCom 2.2
                93b18adf1d948fa3 qutIM 0.2
                e0246018261a9ccc qutIM 0.2.80.0
                2aa756186e21b320 RealTimeQuery 3.2
                521a29e5d22c13b4 Skype 1.4.0.84 / 2.5.0.154 / 3.8.0.139 / 4.2.0.187 / Skype 5.3.0.120 / 5.5.0.115 / 5.5.32.117
                70b52cf73249257 Sococo 1.5.0.2274
                d41746b133d17456 Tkabber 0.11.1
                c8aa3eaee3d4343d Trillian 0.74 / 3.1 / 4.2.0.25 / 5.0.0.35 (JL support)
                d7d647c92cd5d1e6 uTalk 2.6.4 r47692
                36c36598b08891bf Vovox 2.5.3.4250
                884fd37e05659f3a VZOchat 6.3.5
                3461e4d1eb393c9c WTW 0.8.18.2852 / 0.8.19.2940
                f2cb1c38ab948f58 X-Chat 1.8.10 / 2.6.9 / 2.8.9
                4e0ac37db19cba15 Xfire 1.138 (Build 44507)
                da7e8de5b8273a0f Yahoo Messenger 5.0.0.1226 / 6.0.0.1922
                62dba7fb39bb0adc Yahoo Messenger 7.5.0.647 / 8.1.0.421 / 9.0.0.2162 / 10.0.0.1270
                fb230a9fe81e71a8 Yahoo Messenger 11.0.0.2014-us
                b06a975b62567622 Windows Live Messenger 8.5.1235.0517 BETA
                bd249197a6faeff2 Windows Live Messenger 2011

                IRC

                b223c3ffbc0a7a42 Bersirc 2.2.14
                c01d68e40226892b ClicksAndWhistles 2.7.146
                ac8920ed05001800 DMDirc 0.6.5 (Profile store: C:\Users\$user\AppData\Roaming\DMDirc\)
                d3530c5294441522 HydraIRC 0.3.165
                8904a5fd2d98b546 IceChat 7.70 20101031
                6b3a5ce7ad4af9e4 IceChat 9 RC2
                fa496fe13dd62edf KVIrc 3.4.2.1 / 4.0.4
                65f7dd884b016ab2 LimeChat 2.39
                19ccee0274976da8 mIRC 4.72 / 5.61
                ae069d21df1c57df mIRC 6.35 / 7.19
                e30bbea3e1642660 Neebly 1.0.4
                54c803dfc87b52ba Nettalk 6.7.12
                dd658a07478b46c2 PIRCH98 1.0.1.1190
                (portable) Quassel IRC 0.7.1 (portable)
                6fee01bd55a634fe Smuxi 0.8.0.0
                2a5a615382a84729 X-Chat 2 2.8.6-2

                Usenet Newsreaders

                ace8715529916d31 40tude Dialog 2.0.15.1 (Beta 38)
                cc76755e0f925ce6 AllPicturez 1.2
                36f6bc3efe1d99e0 Alt.Binz 0.25.0 (Build 27.09.2007)
                d53b52fb65bde78c Android Newsgroup Downloader 6.2
                c845f3a6022d647c Another File 2.03 (Build 2/7/2004)
                780732558f827a42 AutoPix 5.3.3
                baea31eacd87186b BinaryBoy 1.97 (Build 55)
                eab25958dbddbaa4 Binary News Reaper 2 (Beta 0.14.7.448)
                bf483b423ebbd327 Binary Vortex 5.0
                36801066f71b73c5 Binbot 2.0
                13eb0e5d9a49eaef Binjet 3.0.2
                8172865a9d5185cb Binreader 1.0 (Beta 1)
                6224453d9701a612 BinTube 3.7.1.0 (requires VLC 10.5!)
                cf6379a9a987366e Digibin 1.31
                43886ba3395acdcc Easy Post 3.0
                cfab0ec14b6f953 Express NewsPictures 2.41 (Build 08.05.07.0)
                7526de4a8b5914d9 Forte Agent 6.00 (Build 32.1186)
                c02baf50d02056fc FotoVac 1.0
                3ed70ef3495535f7 Gravity 3.0.4
                86781fe8437db23e Messenger Pro 2.66.6.3353
                f920768fe275f7f4 Grabit 1.5.3 Beta (Build 909) / 1.6.2 (Build 940) / 1.7.2 Beta 4 (Build 997)
                9f03ae476ad461fa GroupsAloud 1.0
                d0261ed6e16b200b News File Grabber 4.6.0.4
                8211531a7918b389 Newsbin Pro 6.00 (Build 1019) (JL support)
                d1fc019238236806 Newsgroup Commander Pro 9.05
                186b5ccada1d986b NewsGrabber 3.0.36
                4d72cfa1d0a67418 Newsgroup Image Collector
                92f1d5db021cd876 NewsLeecher 4.0 / 5.0 Beta 6
                d7666c416cba240c NewsMan Pro 3.0.5.2
                7b2b4f995b54387d News Reactor 20100224.16
                cb984e3bc7faf234 NewsRover 17.0 (Rev.0)
                c98ab5ccf25dda79 NewsShark 2.0
                dba909a61476ccec NewsWolf 1.41
                2b164f512891ae37 NewsWolf NSListGen
                cb1d97aca3fb7e6b Newz Crawler 1.9.0 (Build 4100)
                3be7b307dfccb58f NiouzeFire 0.8.7.0
                de76415e0060ce13 Noworyta News Reader 2.9
                cd40ead0b1eb15ab NNTPGrab 0.6.2
                d5c02fc7afbb3fd4 NNTPGrab 0.6.2 Server
                a4def57ee99d77e9 Nomad News 1.43
                3f97341a65bac63a Ozum 6.07 (Build 6070)
                bfe841f4d35c92b1 QuadSucker/News 5.0
                web-based sabnzbd 0.6.8
                d3c5cf21e86b28af SeaMonkey 2.3.3
                7a7c60efd66817a2 Spotnet 1.7.4
                eb3300e672136bc7 Stream Reactor 1.0 Beta 9 (uses VLC!)
                3168cc975b354a01 Slypheed 3.1.2 (Build 1120)
                776beb1fcfc6dfa5 Thunderbird 1.0.6 (20050716) / 3.0.2
                3d877ec11607fe4 Thunderbird 6.0.2
                7192f2de78fd9e96 TIFNY 5.0.3
                9dacebaa9ac8ca4e TLNews Newsreader 2.2.0 (Build 2430)
                7fd04185af357bd5 UltraLeeacher 1.7.0.2969 / 1.8 Beta (Build 3490)
                aa11f575087b3bdc Unzbin 2.6.8
                pay only Usenet Explorer 3.3 (pay)
                d7db75db9cdd7c5d Xnews 5.04.25

                System Cleaners

                ed7a5cc3cca8d52a CCleaner 1.32.345 / 1.41.544 / 2.36.1233 / 3.10.1525
                eb7e629258d326a1 WindowWasher 6.6.1.18



              • Weg, Jimmy
                Message 7 of 19 , Sep 21, 2011

                  The latest version of X-Ways Forensics is parsing the AutoDest files together with DestList streams.  The presentation is quite nice, in that it lists the numbered stream with its target file information and the date/time from the DestList stream (adjusted to desired time zone).  The streams, of course, provide a bit more information, but that’s what XWF is parsing at the moment and is still very helpful. 

                   

                  Jimmy Weg, CFCE

                  Agent in Charge, Computer Crime Unit

                  Montana Division of Criminal Investigation

                  2225 11th Ave.

                  Helena, MT 59601

                  406.444.6681

                  406.465.5617 (cell)

                  jweg@...

                   

                   

                • Mark Woan
                  Message 8 of 19 , Sep 23, 2011
                    I recently updated JumpLister to do DestList parsing, which worked fine, however, I changed the way that the application works, previously it opened the file and loaded the compound file data identified (excluding the DestList data), now it loads the DestList data and looks for the streams identified in the DestList. Steward DeWitt has sent me some files that contain DestList entries that don't actually exist as LNK entries within the JumpList file. Has anyone else seen this? 

                    Mark


                  • keydet89
                    Message 9 of 19 , Sep 23, 2011
                      Mark,

                      I've seen issues such as you describe, as well as others, such as when the compound file appears to be incomplete, which causes other tools to fail. I believe that this was a result of the JumpList files being acquired from a live system.
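
Added example, not part of the original thread and not code from JumpLister or X-Ways Forensics: a minimal reconciliation of DestList entries against the numbered streams of an automaticDestinations file, reporting the mismatch case discussed in messages 8 and 9. It assumes the Windows 7 DestList layout (32-byte header; 114-byte fixed entry part with the entry number at offset 88, the FILETIME at offset 100 and the path length at offset 112) and that stream names were already listed with a compound-file reader; the sample bytes and paths are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone
from typing import NamedTuple

HEADER_LEN = 32   # assumed Windows 7 DestList header size
FIXED_LEN = 114   # assumed fixed part of each Windows 7 entry
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


class DestEntry(NamedTuple):
    entry_id: int        # names the numbered stream (as lowercase hex)
    accessed: datetime   # date/time recorded in the DestList entry
    path: str            # target path or identifier string


def parse_destlist(data: bytes):
    """Return (declared_count, entries) for a version 1 DestList stream."""
    if len(data) < HEADER_LEN:
        raise ValueError("DestList is shorter than its header")
    version, declared = struct.unpack_from("<II", data, 0)
    if version != 1:
        raise ValueError(f"unsupported DestList version {version}")
    entries, off = [], HEADER_LEN
    while off + FIXED_LEN <= len(data):
        (entry_id,) = struct.unpack_from("<Q", data, off + 88)
        (filetime,) = struct.unpack_from("<Q", data, off + 100)
        (nchars,) = struct.unpack_from("<H", data, off + 112)
        end = off + FIXED_LEN + 2 * nchars
        if end > len(data):
            break  # incomplete stream: keep what parsed, caller compares counts
        path = data[off + FIXED_LEN:end].decode("utf-16-le", errors="replace")
        accessed = EPOCH_1601 + timedelta(microseconds=filetime // 10)
        entries.append(DestEntry(entry_id, accessed, path))
        off = end
    return declared, entries


def reconcile(entries, stream_names):
    """Compare DestList entry numbers with the numbered streams present."""
    numbered = set()
    for name in stream_names:
        try:
            numbered.add(int(name, 16))
        except ValueError:
            continue  # "DestList" itself or any other non-numeric stream
    listed = {e.entry_id for e in entries}
    return {
        # DestList entries whose LNK stream is absent from the file
        "no_stream": [e for e in entries if e.entry_id not in numbered],
        # numbered streams that no DestList entry refers to
        "no_destlist": sorted(numbered - listed),
    }


def build_sample() -> bytes:
    """Constructed DestList with three entries: 0x1, 0x2 and 0xb."""
    when = datetime(2011, 9, 23, 12, 0, tzinfo=timezone.utc)
    filetime = int((when - EPOCH_1601).total_seconds()) * 10**7
    rows = [
        (0x1, r"C:\Users\analyst\Documents\report.docx"),
        (0x2, r"C:\Users\analyst\Documents\budget.xlsx"),
        (0xB, r"C:\Users\analyst\Desktop\notes.txt"),
    ]
    blob = struct.pack("<II", 1, len(rows)) + bytes(HEADER_LEN - 8)
    for entry_id, path in rows:
        fixed = bytearray(FIXED_LEN)
        struct.pack_into("<Q", fixed, 88, entry_id)
        struct.pack_into("<Q", fixed, 100, filetime)
        struct.pack_into("<H", fixed, 112, len(path))
        blob += bytes(fixed) + path.encode("utf-16-le")
    return blob


if __name__ == "__main__":
    declared, entries = parse_destlist(build_sample())
    # Constructed stream listing: entry 0x2 has no stream, stream "4" has no entry.
    result = reconcile(entries, ["1", "b", "4", "DestList"])
    print(f"declared={declared} parsed={len(entries)}")
    for e in result["no_stream"]:
        print(f"DestList entry {e.entry_id:x} has no LNK stream: {e.path} ({e.accessed})")
    for n in result["no_destlist"]:
        print(f"stream {n:x} has no DestList entry")
```

A parsed count lower than the declared count in the header is worth recording in case notes alongside how the file was acquired.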