dorothy2 1.2.0 → 2.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +8 -8
- data/CHANGELOG +39 -14
- data/README.md +80 -62
- data/UPDATE +6 -14
- data/bin/dorothy2 +472 -0
- data/dorothy2.gemspec +22 -16
- data/etc/ddl/dorothive.ddl +619 -373
- data/etc/sources.yml.example +27 -2
- data/lib/doroGUI.rb +232 -0
- data/lib/doroParser.rb +34 -78
- data/lib/dorothy2.rb +288 -248
- data/lib/dorothy2/BFM.rb +114 -61
- data/lib/dorothy2/DEM.rb +3 -1
- data/lib/dorothy2/NAM.rb +2 -2
- data/lib/dorothy2/Settings.rb +2 -1
- data/lib/dorothy2/VSM.rb +2 -1
- data/lib/dorothy2/deep_symbolize.rb +2 -7
- data/lib/dorothy2/do-init.rb +286 -19
- data/lib/dorothy2/do-logger.rb +1 -1
- data/lib/dorothy2/do-utils.rb +382 -33
- data/lib/dorothy2/version.rb +1 -1
- data/lib/dorothy2/vtotal.rb +30 -20
- data/lib/mu/xtractr.rb +11 -11
- data/lib/mu/xtractr/stream.rb +1 -1
- data/lib/www/public/reset.css +153 -0
- data/lib/www/public/style.css +65 -0
- data/lib/www/views/analyses.erb +28 -0
- data/lib/www/views/email.erb +63 -0
- data/lib/www/views/flows.erb +30 -0
- data/lib/www/views/layout.erb +27 -0
- data/lib/www/views/profile.erb +49 -0
- data/lib/www/views/queue.erb +28 -0
- data/lib/www/views/resume.erb +135 -0
- data/lib/www/views/resume.erb~ +88 -0
- data/lib/www/views/samples.erb +20 -0
- data/lib/www/views/upload.erb +154 -0
- data/share/img/The_big_picture.pdf +0 -0
- data/test/tc_dorothy_full.rb +3 -0
- metadata +169 -70
- data/TODO +0 -27
- data/bin/dorothy_start +0 -225
- data/bin/dorothy_stop +0 -28
- data/bin/dparser_start +0 -94
- data/bin/dparser_stop +0 -31
- data/etc/dorothy copy.yml.example +0 -39
- data/etc/extensions.yml +0 -41
- data/share/update-dorothive.sql +0 -19
data/bin/dorothy_start
DELETED
@@ -1,225 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# Copyright (C) 2010-2013 marco riccardi.
|
4
|
-
# This file is part of Dorothy - http://www.honeynet.it/
|
5
|
-
# See the file 'LICENSE' for copying permission.
|
6
|
-
|
7
|
-
require 'rubygems'
|
8
|
-
require 'trollop'
|
9
|
-
require 'dorothy2' #comment for testing/developmnet
|
10
|
-
|
11
|
-
#load '../lib/dorothy2.rb' #uncomment for testing/developmnet
|
12
|
-
|
13
|
-
include Dorothy
|
14
|
-
|
15
|
-
|
16
|
-
opts = Trollop.options do
|
17
|
-
banner <<-EOS
|
18
|
-
|
19
|
-
####################################################
|
20
|
-
## ##
|
21
|
-
## The Dorothy Malware Analysis Framework 2.0 ##
|
22
|
-
## ##
|
23
|
-
####################################################
|
24
|
-
|
25
|
-
marco.riccardi@honeynet.it
|
26
|
-
www.honeynet.it/dorothy
|
27
|
-
|
28
|
-
|
29
|
-
Usage:
|
30
|
-
dorothy_start [options]
|
31
|
-
where [options] are:
|
32
|
-
EOS
|
33
|
-
|
34
|
-
opt :Version, "Print the current version."
|
35
|
-
opt :verbose, "Enable verbose mode"
|
36
|
-
opt :infoflow, "Print the analysis flow"
|
37
|
-
opt :baseline, "Create a new process baseline"
|
38
|
-
opt :source, "Choose a source (from the ones defined in etc/sources.yml)", :type => :string
|
39
|
-
opt :daemon, "Stay in the backround, by constantly pooling datasources"
|
40
|
-
opt :manual, "Start everything, copy the file, and wait for me."
|
41
|
-
opt :SandboxUpdate, "Update Dorothive with the new Sandbox file"
|
42
|
-
opt :DorothiveInit, "(RE)Install the Dorothy Database (Dorothive)", :type => :string
|
43
|
-
|
44
|
-
end
|
45
|
-
|
46
|
-
if opts[:infoflow]
|
47
|
-
puts "
|
48
|
-
The Dorothy Malware Analysis Framework 2.0
|
49
|
-
---------------Execution Flow-------------
|
50
|
-
#0) Fetch new malwares
|
51
|
-
#1) Start VM
|
52
|
-
#2) Copy File to VM
|
53
|
-
#3) Start Sniffer
|
54
|
-
#4) Execute file into VM
|
55
|
-
#5) Make screenshot
|
56
|
-
#6) Wait X minutes (configure X in the conf file)
|
57
|
-
#7) Save the running processes
|
58
|
-
#8) Stop Sniffer
|
59
|
-
#9) Download Screenshot and trafficdump
|
60
|
-
#10) Compare the aquired process list with the one taken during the baseline run. Find the new spawned processes.
|
61
|
-
#11) Try to retreive malware info from VirusTotal
|
62
|
-
#12) Insert data into Dorothy-DB
|
63
|
-
------------------------------------------
|
64
|
-
"
|
65
|
-
|
66
|
-
exit(0)
|
67
|
-
end
|
68
|
-
|
69
|
-
if opts[:Version]
|
70
|
-
puts "Dorothy ".yellow + Dorothy::VERSION
|
71
|
-
exit(0)
|
72
|
-
end
|
73
|
-
|
74
|
-
puts "
|
75
|
-
|
76
|
-
####################################################
|
77
|
-
## ##
|
78
|
-
## The Dorothy Malware Analysis Framework 2.0 ##
|
79
|
-
## ##
|
80
|
-
####################################################
|
81
|
-
|
82
|
-
"
|
83
|
-
|
84
|
-
#VARS
|
85
|
-
HOME = File.expand_path("..",File.dirname(__FILE__))
|
86
|
-
VERBOSE = (opts[:verbose] ? true : false)
|
87
|
-
daemon = (opts[:daemon] ? true : false)
|
88
|
-
MANUAL = (opts[:manual] ? true : false)
|
89
|
-
|
90
|
-
if MANUAL && daemon
|
91
|
-
"[Dorothy]".yellow + " Manual and Deamon modes can't be executed together"
|
92
|
-
exit(1)
|
93
|
-
end
|
94
|
-
|
95
|
-
|
96
|
-
#DEFAULT CONF FILES
|
97
|
-
#conf = HOME + '/etc/dorothy.yml'
|
98
|
-
|
99
|
-
conf = "#{File.expand_path("~")}/.dorothy.yml"
|
100
|
-
|
101
|
-
|
102
|
-
#LOAD ENV
|
103
|
-
if Util.exists?(conf)
|
104
|
-
DoroSettings.load!(conf)
|
105
|
-
else
|
106
|
-
DoroConfig.create
|
107
|
-
exit(0)
|
108
|
-
end
|
109
|
-
|
110
|
-
|
111
|
-
#LOAD EXTENSION MGT FILE
|
112
|
-
EXTENSIONS=YAML.load_file("#{DoroSettings.env[:home]}/etc/extensions.yml")
|
113
|
-
|
114
|
-
|
115
|
-
|
116
|
-
#Logging
|
117
|
-
logout = (daemon ? DoroSettings.env[:logfile] : STDOUT)
|
118
|
-
LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
|
119
|
-
LOGGER.sev_threshold = DoroSettings.env[:loglevel]
|
120
|
-
|
121
|
-
|
122
|
-
if opts[:baseline]
|
123
|
-
puts "[" + "+".red + "] " + "[DOROTHY]".yellow + "Creating a new process baseline."
|
124
|
-
Dorothy.run_baseline
|
125
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + "Baseline run finished."
|
126
|
-
exit(0)
|
127
|
-
end
|
128
|
-
|
129
|
-
|
130
|
-
|
131
|
-
home = DoroSettings.env[:home]
|
132
|
-
#check homefolder
|
133
|
-
unless Util.exists?(home)
|
134
|
-
DoroConfig.init_home(home)
|
135
|
-
end
|
136
|
-
|
137
|
-
sfile = home + '/etc/sources.yml'
|
138
|
-
sboxfile = home + '/etc/sandboxes.yml'
|
139
|
-
baseline_procs = home + '/etc/baseline_processes.yml'
|
140
|
-
|
141
|
-
if opts[:DorothiveInit]
|
142
|
-
Util.init_db(opts[:DorothiveInit])
|
143
|
-
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Database loaded, now you can restart Dorothy!"
|
144
|
-
exit(0)
|
145
|
-
end
|
146
|
-
|
147
|
-
#INIT DB Connector
|
148
|
-
begin
|
149
|
-
db = Insertdb.new
|
150
|
-
rescue => e
|
151
|
-
if e.inspect =~ /exist/
|
152
|
-
puts "[" + "+".red + "] " + "WARNING".yellow + " The database doesn't exist yet. Press Enter to load the ddl into the DB"
|
153
|
-
gets
|
154
|
-
Util.init_db(DoroSettings.dorothive[:ddl])
|
155
|
-
exit(0)
|
156
|
-
else
|
157
|
-
puts "[" + "+".red + "] " + "ERROR".red + " Can't connect to the database"
|
158
|
-
puts e
|
159
|
-
exit(0)
|
160
|
-
end
|
161
|
-
end
|
162
|
-
|
163
|
-
|
164
|
-
if opts[:SandboxUpdate]
|
165
|
-
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Loading #{sboxfile} into Dorothive"
|
166
|
-
DoroConfig.init_sandbox(sboxfile)
|
167
|
-
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Done."
|
168
|
-
exit(0)
|
169
|
-
end
|
170
|
-
|
171
|
-
if Util.exists?(sfile)
|
172
|
-
sources = YAML.load_file(sfile)
|
173
|
-
#check if all the source directories exist
|
174
|
-
sources.keys.each do |s|
|
175
|
-
unless Util.exists?("#{sources[s]["localdir"]}")
|
176
|
-
LOGGER.warn "INIT", "Warning, the source's localdir #{s} doesn't exist yet, I'm going to create it"
|
177
|
-
Dir.mkdir("#{sources[s]["localdir"]}")
|
178
|
-
end
|
179
|
-
end
|
180
|
-
else
|
181
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " A source file doesn't exist, please crate one into #{home}/etc. See the example file in #{HOME}/etc/sources.yml.example"
|
182
|
-
exit(0)
|
183
|
-
end
|
184
|
-
|
185
|
-
unless Util.exists?(sboxfile)
|
186
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " There is no sandbox configured yet. Please do it now."
|
187
|
-
DoroConfig.create_sandbox(sboxfile)
|
188
|
-
DoroConfig.init_sandbox(sboxfile)
|
189
|
-
end
|
190
|
-
|
191
|
-
unless Util.exists?(baseline_procs)
|
192
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " There is no process-baseline file yet, Dorothy is going to create one."
|
193
|
-
Dorothy.run_baseline
|
194
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " Baseline run finished."
|
195
|
-
exit(0)
|
196
|
-
end
|
197
|
-
|
198
|
-
BASELINE_PROCS = YAML.load_file(baseline_procs)
|
199
|
-
|
200
|
-
#Check DB sandbox data
|
201
|
-
if db.table_empty?("sandboxes")
|
202
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " No sandbox found in Dorothive, the DB will be filled with " + sboxfile
|
203
|
-
DoroConfig.init_sandbox(sboxfile)
|
204
|
-
end
|
205
|
-
|
206
|
-
if opts[:source] && !sources.key?(opts[:source])
|
207
|
-
puts "[" + "+".red + "] " + "[WARNING]".red + " The selected source is not yet configured.\nThe available sources are: "
|
208
|
-
puts "[" + "+".red + "] " + sources.keys
|
209
|
-
exit(0)
|
210
|
-
end
|
211
|
-
|
212
|
-
db.close
|
213
|
-
|
214
|
-
begin
|
215
|
-
Dorothy.start sources[opts[:source]], daemon
|
216
|
-
rescue SignalException
|
217
|
-
Dorothy.stop_running_analyses
|
218
|
-
rescue => e
|
219
|
-
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " An error occurred: \n".red + e.inspect
|
220
|
-
puts "[" + "+".red + "] " + "[Dorothy]".yellow + " For more information check the logfile \n" + e.inspect if daemon
|
221
|
-
LOGGER.error "Dorothy", "An error occurred: \n" + e.inspect
|
222
|
-
LOGGER.debug "Dorothy", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
|
223
|
-
LOGGER.info "Dorothy", "Dorothy has been stopped"
|
224
|
-
end
|
225
|
-
|
data/bin/dorothy_stop
DELETED
@@ -1,28 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# Copyright (C) 2013 marco riccardi.
|
4
|
-
# This file is part of Dorothy - http://www.honeynet.it/dorothy
|
5
|
-
# See the file 'LICENSE' for copying permission.
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
require 'rubygems'
|
10
|
-
require 'trollop'
|
11
|
-
require 'dorothy2'
|
12
|
-
|
13
|
-
#load '../lib/dorothy2.rb'
|
14
|
-
|
15
|
-
include Dorothy
|
16
|
-
|
17
|
-
conf = "#{File.expand_path("~")}/.dorothy.yml"
|
18
|
-
DoroSettings.load!(conf)
|
19
|
-
|
20
|
-
#Logging
|
21
|
-
|
22
|
-
LOGGER = DoroLogger.new(DoroSettings.env[:logfile], DoroSettings.env[:logage])
|
23
|
-
LOGGER.sev_threshold = DoroSettings.env[:loglevel]
|
24
|
-
|
25
|
-
|
26
|
-
Dorothy.stop
|
27
|
-
|
28
|
-
|
data/bin/dparser_start
DELETED
@@ -1,94 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# Copyright (C) 2013 marco riccardi.
|
4
|
-
# This file is part of Dorothy - http://www.honeynet.it/
|
5
|
-
# See the file 'LICENSE' for copying permission.
|
6
|
-
|
7
|
-
require 'rubygems'
|
8
|
-
require 'trollop'
|
9
|
-
require 'dorothy2'
|
10
|
-
require 'doroParser'
|
11
|
-
|
12
|
-
#load '../lib/dorothy2.rb'
|
13
|
-
#load '../lib/doroParser.rb'
|
14
|
-
|
15
|
-
include Dorothy
|
16
|
-
include DoroParser
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
opts = Trollop.options do
|
21
|
-
banner <<-EOS
|
22
|
-
|
23
|
-
####################################################
|
24
|
-
## ##
|
25
|
-
## The Dorothy Malware Analysis Framework 2.0 ##
|
26
|
-
## ##
|
27
|
-
####################################################
|
28
|
-
|
29
|
-
marco.riccardi@honeynet.it
|
30
|
-
www.honeynet.it/dorothy
|
31
|
-
|
32
|
-
|
33
|
-
Usage:
|
34
|
-
dparser_start [options]
|
35
|
-
where [options] are:
|
36
|
-
EOS
|
37
|
-
|
38
|
-
opt :verbose, "Enable verbose mode"
|
39
|
-
opt :nonetbios, "Hide Netbios communication"
|
40
|
-
opt :daemon, "Stay in the backroud, by constantly pooling datasources"
|
41
|
-
|
42
|
-
end
|
43
|
-
|
44
|
-
def get_time
|
45
|
-
time = Time.new
|
46
|
-
return time.utc.strftime("%Y-%m-%d %H:%M:%S")
|
47
|
-
end
|
48
|
-
|
49
|
-
|
50
|
-
NONETBIOS = opts[:nonetbios] ? true : false
|
51
|
-
VERBOSE = opts[:verbose] ? true : false
|
52
|
-
daemon = opts[:daemon] ? true : false
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
conf = "#{File.expand_path("~")}/.dorothy.yml"
|
57
|
-
DoroSettings.load!(conf)
|
58
|
-
|
59
|
-
#Logging
|
60
|
-
logout = (daemon ? DoroSettings.env[:logfile_parser] : STDOUT)
|
61
|
-
LOGGER_PARSER = DoroLogger.new(logout, DoroSettings.env[:logage])
|
62
|
-
LOGGER_PARSER.sev_threshold = DoroSettings.env[:loglevel]
|
63
|
-
|
64
|
-
LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
|
65
|
-
LOGGER.sev_threshold = DoroSettings.env[:loglevel]
|
66
|
-
|
67
|
-
if DoroSettings.pcapr[:local]=="true"
|
68
|
-
if system "sh -c 'type startpcapr > /dev/null 2>&1'"
|
69
|
-
pcapr_conf = "#{File.expand_path("~")}/.pcapr_local/config"
|
70
|
-
unless Util.exists?(pcapr_conf)
|
71
|
-
puts "[WARNING]".red + " Pcapr conf not found at #{File.expand_path("~")}/.pcapr_local/config "
|
72
|
-
puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance,it seems that it is not configured yet,so please run \"startpcapr\" and configure it."
|
73
|
-
exit(1)
|
74
|
-
end
|
75
|
-
else
|
76
|
-
puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance, it seems *NOT INSTALLED* in your system.\n\t Please install it by typing \"sudo gem install pcapr-local\. Then set Pcapr to scan #{DoroSettings.env[:analysis_dir]}"
|
77
|
-
exit(1)
|
78
|
-
end
|
79
|
-
end
|
80
|
-
|
81
|
-
|
82
|
-
begin
|
83
|
-
DoroParser.start(daemon)
|
84
|
-
rescue => e
|
85
|
-
puts "[PARSER]".yellow + " An error occurred: ".red + e.inspect
|
86
|
-
if daemon
|
87
|
-
puts "[PARSER]".yellow + " For more information check the logfile" + e.inspect
|
88
|
-
puts "[PARSER]".yellow + "Dorothy-Parser has been stopped"
|
89
|
-
end
|
90
|
-
LOGGER_PARSER.error "Parser", "An error occurred: " + e.inspect
|
91
|
-
LOGGER_PARSER.debug "Parser", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
|
92
|
-
LOGGER_PARSER.info "Parser", "Dorothy-Parser has been stopped"
|
93
|
-
end
|
94
|
-
|
data/bin/dparser_stop
DELETED
@@ -1,31 +0,0 @@
|
|
1
|
-
#!/usr/bin/env ruby
|
2
|
-
|
3
|
-
# Copyright (C) 2013 marco riccardi.
|
4
|
-
# This file is part of Dorothy - http://www.honeynet.it/dorothy
|
5
|
-
# See the file 'LICENSE' for copying permission.
|
6
|
-
|
7
|
-
|
8
|
-
require 'rubygems'
|
9
|
-
require 'trollop'
|
10
|
-
require 'dorothy2'
|
11
|
-
require 'doroParser'
|
12
|
-
|
13
|
-
#load '../lib/doroParser.rb'
|
14
|
-
#load '../lib/dorothy2.rb'
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
include Dorothy
|
19
|
-
include DoroParser
|
20
|
-
|
21
|
-
conf = "#{File.expand_path("~")}/.dorothy.yml"
|
22
|
-
DoroSettings.load!(conf)
|
23
|
-
|
24
|
-
|
25
|
-
#Logging
|
26
|
-
LOGGER_PARSER = DoroLogger.new(STDOUT, 'weekly')
|
27
|
-
|
28
|
-
LOGGER = DoroLogger.new(STDOUT, 'weekly')
|
29
|
-
|
30
|
-
DoroParser.stop
|
31
|
-
|
@@ -1,39 +0,0 @@
|
|
1
|
-
---
|
2
|
-
dorothive:
|
3
|
-
dbuser: postgres
|
4
|
-
dbpass: password
|
5
|
-
dbhost: localhost
|
6
|
-
dbname: dorothive
|
7
|
-
ddl: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/ddl/dorothive.ddl
|
8
|
-
env:
|
9
|
-
geoip: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/geo/GeoLiteCity.dat
|
10
|
-
geoasn: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/geo/GeoIPASNum.dat
|
11
|
-
loglevel: 0
|
12
|
-
testmode: true
|
13
|
-
dtimeout: 3600
|
14
|
-
logfile_parser: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/log/parser.log
|
15
|
-
analysis_dir: /Users/akira/Codes/dorothy-gem-try/dorothy2/opt/analyzed
|
16
|
-
pidfile_parser: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/doroParser.pid
|
17
|
-
pidfile: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/dorothy.pid
|
18
|
-
logage: weekly
|
19
|
-
logfile: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/log/dorothy.log
|
20
|
-
home: /Users/akira/Codes/dorothy-gem-try/dorothy2
|
21
|
-
esx:
|
22
|
-
user: "root"
|
23
|
-
pass: "Dorothy!?!"
|
24
|
-
host: "192.168.187.128"
|
25
|
-
sandbox:
|
26
|
-
screen1time: 1
|
27
|
-
sleeptime: 60
|
28
|
-
screen2time: 15
|
29
|
-
nam:
|
30
|
-
namuser: dorothy
|
31
|
-
pcaphome: ~/pcaps
|
32
|
-
nampass: ""
|
33
|
-
interface: eth0
|
34
|
-
namserver: ""
|
35
|
-
virustotal:
|
36
|
-
vtapikey: "c37baad50a42d7df3f91e957255a2c6a9deabe339c2ff44d4a637fff912def48"
|
37
|
-
|
38
|
-
|
39
|
-
|
data/etc/extensions.yml
DELETED
@@ -1,41 +0,0 @@
|
|
1
|
-
#############################################
|
2
|
-
### DOROTHY EXTENSION MANAGER #
|
3
|
-
#############################################
|
4
|
-
### Choose how do you want to open the the
|
5
|
-
### binaries into the Sandbox VM.
|
6
|
-
### You can add as much extensions as you
|
7
|
-
### want.
|
8
|
-
#############################################
|
9
|
-
---
|
10
|
-
exe:
|
11
|
-
prog_name: Windows CMD.exe
|
12
|
-
prog_path: C:\windows\system32\cmd.exe
|
13
|
-
prog_args: /C
|
14
|
-
|
15
|
-
|
16
|
-
bat:
|
17
|
-
prog_name: Windows CMD.exe
|
18
|
-
prog_path: C:\windows\system32\cmd.exe
|
19
|
-
prog_args: /C
|
20
|
-
|
21
|
-
|
22
|
-
dll:
|
23
|
-
prog_name: Windows Rundll32.exe
|
24
|
-
prog_path: C:\windows\system32\rundll32.exe
|
25
|
-
prog_args:
|
26
|
-
|
27
|
-
html: # c:\Program Files\Internet Explorer\iexplore.exe" -new
|
28
|
-
prog_name: Microsoft Explorer IEXPLORE.EXE
|
29
|
-
prog_path: C:\windows\system32\cmd.exe
|
30
|
-
prog_args: /C start "C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"
|
31
|
-
|
32
|
-
#doc:
|
33
|
-
# prog_name: Microsoft Word 2003
|
34
|
-
# prog_path:
|
35
|
-
# prog_args:
|
36
|
-
|
37
|
-
#pdf:
|
38
|
-
# prog_name: Acrobat Reader Version 1.0
|
39
|
-
# prog_path:
|
40
|
-
# prog_args:
|
41
|
-
|