lnk_info

information about Microsoft Windows LNK files

lnk_info shows information about LNK files.

  • creation_date: <string> date in ISO8601 format.
  • access_date: <string> date in ISO8601 format.
  • modification_date: <string> date in ISO8601 format.
  • link_flags: <list of strings> basic properties of the LNK file.
  • target_path: <string> (optional) target path from Link Target Identifier fields.
  • icon_location: <string> (optional) path to the icon location.
  • mac_address: <string> (optional) network MAC address.
  • mac_vendor_name: <string> (optional) network vendor name from MAC address.
  • machine_id: <string> (optional) computer name.
  • working_directory: <string> (optional) target working directory.
  • relative_path: <string> (optional) target file relative path.
  • command_line_arguments: <string> (optional).
  • volume_serial_number: <string> (optional) disk volume serial number.
  • volume_label: <string> (optional) disk volume label.
  • local_path: <string> (optional).
  • common_path: <string> (optional).
  • network_share_name: <string> (optional).
{
  "data": {
        ...
    "attributes" : {
      ...
      "lnkcheck": {
        "creation_date": "<string:ISO8601>", 
        "access_date": "<string:ISO8601>", 
        "modification_date": "<string:ISO8601>", 
        "link_flags": ["<string>",...],
        "target_path": "<string>",
        "icon_location": "<string>",
        "mac_address": "<string>",
        "mac_vendor_name": "<string>",
        "machine_id": "<string>",
        "working_directory": "<string>",
        "relative_path": "<string>",
        "command_line_arguments": "<string>",
        "volume_serial_number": "<string>",
        "volume_label": "<string>", 
        "local_path": "<string>",
        "common_path": "<string>",
        "network_share_name": "<string>"
      }
    }
  }
}

{
  "data": {
    "attributes": {
      "lnk_info": {
        "mac_vendor_name": "VMware, Inc.",
        "machine_id": "445817",
        "link_flags": [
          "HasTargetIDList",
          "HasLinkInfo",
          "HasRelativePath",
          "IsUnicode",
          "HasWorkingDir"
        ],
        "modification_date": "2021-06-29T12:09:10.278896Z",
        "creation_date": "2021-06-29T12:09:22.435120Z",
        "target_path": "My Computer (Computer) : C:\\Program Files\\Greenrain\\Submission\\unins000.exe",
        "relative_path": "..\\..\\..\\..\\..\\..\\Program Files\\Greenrain\\Submission\\unins000.exe",
        "local_path": "C:\\Program Files\\Greenrain\\Submission\\unins000.exe",
        "working_directory": "C:\\Program Files\\Greenrain\\Submission",
        "mac_address": "00:50:56:a0:09:e3",
        "access_date": "2021-06-29T12:09:22.513231Z",
        "volume_serial_number": "4556-01a2"
      }
    }
  }
}