Module 9 – JumpLists Parser and JumpLists Explorer
Download: https://ericzimmerman.github.io/#!index.md
- JumpList Parser: JLECmd.exe (cmd tool)
- Command for directory analysis
- JLECmd.exe –d folder
- JumpList Parser command syntax for file analysis:
- JLECmd.exe –f file.lnk
- JumpList Explorer: JumpListExplorer.exe (GUI tool)
- C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestination
- C:\Users\User\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations
- Jump Lists parser
- JLECmd.exe
- Directory parsing
- JLECmd.exe -d Recent-Files
- Directory parsing and saving output to the csv file in the current directory
- JLECmd.exe -d Recent-Files -q –csv
- 20220315221407_AutomaticDestinations.csv
- Source file location: C:\Users\User\Desktop\Recent-Files\AutomaticDestinations\f01b….-ms
- AppID and associated application: Windows Explorer
- Target file location: C:\Program Files\7-Zip
- Machine name: windev2112eval
- MAC address: 08:00:27:1d:b7:81 (associated with file)
- 20220315221408_CustomDestinations.csv
- Source file location: C:\Users\User\Desktop\Recent-Files\CustomDestinations\6824….-ms
- AppID and associated application: Firefox 64.0
- Target file location: C:\Program Files\7-Zip
- Machine name: windev2112eval
- MAC address: 08:00:27:1d:b7:81 (associated with file)
- yyyymmddhhmmss_AutomaticDestinations.csv
- yyyymmddhhmmss_CustomDestinations.csv
- Command for directory analysis
