In diary entry Office maldoc + .lnk we analyzed a Windows shortcut file (.lnk) and looked for metadata, but it didn width:1037px" />
This time we have more metadata, under TrackerDataBlock we can find the machine name (frank), a VolumeID and a MAC address.
The MAC address starts with 00:0C:29, that range is assigned to VMware. So we are dealing with a virtual machine.
The target (cmd.exe) has size 301568: this is cmd.exe on Windows 7.
Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.comDidierStevensLabs.com