dorothy2 1.2.0 → 2.0.0
- checksums.yaml +8 -8
- data/CHANGELOG +39 -14
- data/README.md +80 -62
- data/UPDATE +6 -14
- data/bin/dorothy2 +472 -0
- data/dorothy2.gemspec +22 -16
- data/etc/ddl/dorothive.ddl +619 -373
- data/etc/sources.yml.example +27 -2
- data/lib/doroGUI.rb +232 -0
- data/lib/doroParser.rb +34 -78
- data/lib/dorothy2.rb +288 -248
- data/lib/dorothy2/BFM.rb +114 -61
- data/lib/dorothy2/DEM.rb +3 -1
- data/lib/dorothy2/NAM.rb +2 -2
- data/lib/dorothy2/Settings.rb +2 -1
- data/lib/dorothy2/VSM.rb +2 -1
- data/lib/dorothy2/deep_symbolize.rb +2 -7
- data/lib/dorothy2/do-init.rb +286 -19
- data/lib/dorothy2/do-logger.rb +1 -1
- data/lib/dorothy2/do-utils.rb +382 -33
- data/lib/dorothy2/version.rb +1 -1
- data/lib/dorothy2/vtotal.rb +30 -20
- data/lib/mu/xtractr.rb +11 -11
- data/lib/mu/xtractr/stream.rb +1 -1
- data/lib/www/public/reset.css +153 -0
- data/lib/www/public/style.css +65 -0
- data/lib/www/views/analyses.erb +28 -0
- data/lib/www/views/email.erb +63 -0
- data/lib/www/views/flows.erb +30 -0
- data/lib/www/views/layout.erb +27 -0
- data/lib/www/views/profile.erb +49 -0
- data/lib/www/views/queue.erb +28 -0
- data/lib/www/views/resume.erb +135 -0
- data/lib/www/views/resume.erb~ +88 -0
- data/lib/www/views/samples.erb +20 -0
- data/lib/www/views/upload.erb +154 -0
- data/share/img/The_big_picture.pdf +0 -0
- data/test/tc_dorothy_full.rb +3 -0
- metadata +169 -70
- data/TODO +0 -27
- data/bin/dorothy_start +0 -225
- data/bin/dorothy_stop +0 -28
- data/bin/dparser_start +0 -94
- data/bin/dparser_stop +0 -31
- data/etc/dorothy copy.yml.example +0 -39
- data/etc/extensions.yml +0 -41
- data/share/update-dorothive.sql +0 -19
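--- a/data/bin/dorothy_start
+++ /dev/null
@@ -1,225 +0,0 @@
-#!/usr/bin/env ruby
-
-# Copyright (C) 2010-2013 marco riccardi.
-# This file is part of Dorothy - http://www.honeynet.it/
-# See the file 'LICENSE' for copying permission.
-
-require 'rubygems'
-require 'trollop'
-require 'dorothy2' #comment for testing/developmnet
-
-#load '../lib/dorothy2.rb' #uncomment for testing/developmnet
-
-include Dorothy
-
-
-opts = Trollop.options do
-banner <<-EOS
-
-####################################################
-## ##
-## The Dorothy Malware Analysis Framework 2.0 ##
-## ##
-####################################################
-
-marco.riccardi@honeynet.it
-www.honeynet.it/dorothy
-
-
-Usage:
-dorothy_start [options]
-where [options] are:
-EOS
-
-opt :Version, "Print the current version."
-opt :verbose, "Enable verbose mode"
-opt :infoflow, "Print the analysis flow"
-opt :baseline, "Create a new process baseline"
-opt :source, "Choose a source (from the ones defined in etc/sources.yml)", :type => :string
-opt :daemon, "Stay in the backround, by constantly pooling datasources"
-opt :manual, "Start everything, copy the file, and wait for me."
-opt :SandboxUpdate, "Update Dorothive with the new Sandbox file"
-opt :DorothiveInit, "(RE)Install the Dorothy Database (Dorothive)", :type => :string
-
-end
-
-if opts[:infoflow]
-puts "
-The Dorothy Malware Analysis Framework 2.0
----------------Execution Flow-------------
-#0) Fetch new malwares
-#1) Start VM
-#2) Copy File to VM
-#3) Start Sniffer
-#4) Execute file into VM
-#5) Make screenshot
-#6) Wait X minutes (configure X in the conf file)
-#7) Save the running processes
-#8) Stop Sniffer
-#9) Download Screenshot and trafficdump
-#10) Compare the aquired process list with the one taken during the baseline run. Find the new spawned processes.
-#11) Try to retreive malware info from VirusTotal
-#12) Insert data into Dorothy-DB
-------------------------------------------
-"
-
-exit(0)
-end
-
-if opts[:Version]
-puts "Dorothy ".yellow + Dorothy::VERSION
-exit(0)
-end
-
-puts "
-
-####################################################
-## ##
-## The Dorothy Malware Analysis Framework 2.0 ##
-## ##
-####################################################
-
-"
-
-#VARS
-HOME = File.expand_path("..",File.dirname(__FILE__))
-VERBOSE = (opts[:verbose] ? true : false)
-daemon = (opts[:daemon] ? true : false)
-MANUAL = (opts[:manual] ? true : false)
-
-if MANUAL && daemon
-"[Dorothy]".yellow + " Manual and Deamon modes can't be executed together"
-exit(1)
-end
-
-
-#DEFAULT CONF FILES
-#conf = HOME + '/etc/dorothy.yml'
-
-conf = "#{File.expand_path("~")}/.dorothy.yml"
-
-
-#LOAD ENV
-if Util.exists?(conf)
-DoroSettings.load!(conf)
-else
-DoroConfig.create
-exit(0)
-end
-
-
-#LOAD EXTENSION MGT FILE
-EXTENSIONS=YAML.load_file("#{DoroSettings.env[:home]}/etc/extensions.yml")
-
-
-
-#Logging
-logout = (daemon ? DoroSettings.env[:logfile] : STDOUT)
-LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
-LOGGER.sev_threshold = DoroSettings.env[:loglevel]
-
-
-if opts[:baseline]
-puts "[" + "+".red + "] " + "[DOROTHY]".yellow + "Creating a new process baseline."
-Dorothy.run_baseline
-puts "[" + "+".red + "] " + "[WARNING]".red + "Baseline run finished."
-exit(0)
-end
-
-
-
-home = DoroSettings.env[:home]
-#check homefolder
-unless Util.exists?(home)
-DoroConfig.init_home(home)
-end
-
-sfile = home + '/etc/sources.yml'
-sboxfile = home + '/etc/sandboxes.yml'
-baseline_procs = home + '/etc/baseline_processes.yml'
-
-if opts[:DorothiveInit]
-Util.init_db(opts[:DorothiveInit])
-puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Database loaded, now you can restart Dorothy!"
-exit(0)
-end
-
-#INIT DB Connector
-begin
-db = Insertdb.new
-rescue => e
-if e.inspect =~ /exist/
-puts "[" + "+".red + "] " + "WARNING".yellow + " The database doesn't exist yet. Press Enter to load the ddl into the DB"
-gets
-Util.init_db(DoroSettings.dorothive[:ddl])
-exit(0)
-else
-puts "[" + "+".red + "] " + "ERROR".red + " Can't connect to the database"
-puts e
-exit(0)
-end
-end
-
-
-if opts[:SandboxUpdate]
-puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Loading #{sboxfile} into Dorothive"
-DoroConfig.init_sandbox(sboxfile)
-puts "[" + "+".red + "] " + "[Dorothy]".yellow + " Done."
-exit(0)
-end
-
-if Util.exists?(sfile)
-sources = YAML.load_file(sfile)
-#check if all the source directories exist
-sources.keys.each do |s|
-unless Util.exists?("#{sources[s]["localdir"]}")
-LOGGER.warn "INIT", "Warning, the source's localdir #{s} doesn't exist yet, I'm going to create it"
-Dir.mkdir("#{sources[s]["localdir"]}")
-end
-end
-else
-puts "[" + "+".red + "] " + "[WARNING]".red + " A source file doesn't exist, please crate one into #{home}/etc. See the example file in #{HOME}/etc/sources.yml.example"
-exit(0)
-end
-
-unless Util.exists?(sboxfile)
-puts "[" + "+".red + "] " + "[WARNING]".red + " There is no sandbox configured yet. Please do it now."
-DoroConfig.create_sandbox(sboxfile)
-DoroConfig.init_sandbox(sboxfile)
-end
-
-unless Util.exists?(baseline_procs)
-puts "[" + "+".red + "] " + "[WARNING]".red + " There is no process-baseline file yet, Dorothy is going to create one."
-Dorothy.run_baseline
-puts "[" + "+".red + "] " + "[WARNING]".red + " Baseline run finished."
-exit(0)
-end
-
-BASELINE_PROCS = YAML.load_file(baseline_procs)
-
-#Check DB sandbox data
-if db.table_empty?("sandboxes")
-puts "[" + "+".red + "] " + "[WARNING]".red + " No sandbox found in Dorothive, the DB will be filled with " + sboxfile
-DoroConfig.init_sandbox(sboxfile)
-end
-
-if opts[:source] && !sources.key?(opts[:source])
-puts "[" + "+".red + "] " + "[WARNING]".red + " The selected source is not yet configured.\nThe available sources are: "
-puts "[" + "+".red + "] " + sources.keys
-exit(0)
-end
-
-db.close
-
-begin
-Dorothy.start sources[opts[:source]], daemon
-rescue SignalException
-Dorothy.stop_running_analyses
-rescue => e
-puts "[" + "+".red + "] " + "[Dorothy]".yellow + " An error occurred: \n".red + e.inspect
-puts "[" + "+".red + "] " + "[Dorothy]".yellow + " For more information check the logfile \n" + e.inspect if daemon
-LOGGER.error "Dorothy", "An error occurred: \n" + e.inspect
-LOGGER.debug "Dorothy", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
-LOGGER.info "Dorothy", "Dorothy has been stopped"
-end
-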
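--- a/data/bin/dorothy_stop
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env ruby
-
-# Copyright (C) 2013 marco riccardi.
-# This file is part of Dorothy - http://www.honeynet.it/dorothy
-# See the file 'LICENSE' for copying permission.
-
-
-
-require 'rubygems'
-require 'trollop'
-require 'dorothy2'
-
-#load '../lib/dorothy2.rb'
-
-include Dorothy
-
-conf = "#{File.expand_path("~")}/.dorothy.yml"
-DoroSettings.load!(conf)
-
-#Logging
-
-LOGGER = DoroLogger.new(DoroSettings.env[:logfile], DoroSettings.env[:logage])
-LOGGER.sev_threshold = DoroSettings.env[:loglevel]
-
-
-Dorothy.stop
-
-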
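--- a/data/bin/dparser_start
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/usr/bin/env ruby
-
-# Copyright (C) 2013 marco riccardi.
-# This file is part of Dorothy - http://www.honeynet.it/
-# See the file 'LICENSE' for copying permission.
-
-require 'rubygems'
-require 'trollop'
-require 'dorothy2'
-require 'doroParser'
-
-#load '../lib/dorothy2.rb'
-#load '../lib/doroParser.rb'
-
-include Dorothy
-include DoroParser
-
-
-
-opts = Trollop.options do
-banner <<-EOS
-
-####################################################
-## ##
-## The Dorothy Malware Analysis Framework 2.0 ##
-## ##
-####################################################
-
-marco.riccardi@honeynet.it
-www.honeynet.it/dorothy
-
-
-Usage:
-dparser_start [options]
-where [options] are:
-EOS
-
-opt :verbose, "Enable verbose mode"
-opt :nonetbios, "Hide Netbios communication"
-opt :daemon, "Stay in the backroud, by constantly pooling datasources"
-
-end
-
-def get_time
-time = Time.new
-return time.utc.strftime("%Y-%m-%d %H:%M:%S")
-end
-
-
-NONETBIOS = opts[:nonetbios] ? true : false
-VERBOSE = opts[:verbose] ? true : false
-daemon = opts[:daemon] ? true : false
-
-
-
-conf = "#{File.expand_path("~")}/.dorothy.yml"
-DoroSettings.load!(conf)
-
-#Logging
-logout = (daemon ? DoroSettings.env[:logfile_parser] : STDOUT)
-LOGGER_PARSER = DoroLogger.new(logout, DoroSettings.env[:logage])
-LOGGER_PARSER.sev_threshold = DoroSettings.env[:loglevel]
-
-LOGGER = DoroLogger.new(logout, DoroSettings.env[:logage])
-LOGGER.sev_threshold = DoroSettings.env[:loglevel]
-
-if DoroSettings.pcapr[:local]=="true"
-if system "sh -c 'type startpcapr > /dev/null 2>&1'"
-pcapr_conf = "#{File.expand_path("~")}/.pcapr_local/config"
-unless Util.exists?(pcapr_conf)
-puts "[WARNING]".red + " Pcapr conf not found at #{File.expand_path("~")}/.pcapr_local/config "
-puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance,it seems that it is not configured yet,so please run \"startpcapr\" and configure it."
-exit(1)
-end
-else
-puts "[WARNING]".red + " Although you have configured Dorothy in order to look for a *local* Pcapr instance, it seems *NOT INSTALLED* in your system.\n\t Please install it by typing \"sudo gem install pcapr-local\. Then set Pcapr to scan #{DoroSettings.env[:analysis_dir]}"
-exit(1)
-end
-end
-
-
-begin
-DoroParser.start(daemon)
-rescue => e
-puts "[PARSER]".yellow + " An error occurred: ".red + e.inspect
-if daemon
-puts "[PARSER]".yellow + " For more information check the logfile" + e.inspect
-puts "[PARSER]".yellow + "Dorothy-Parser has been stopped"
-end
-LOGGER_PARSER.error "Parser", "An error occurred: " + e.inspect
-LOGGER_PARSER.debug "Parser", "#{e.inspect} --BACKTRACE: #{e.backtrace}"
-LOGGER_PARSER.info "Parser", "Dorothy-Parser has been stopped"
-end
-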
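--- a/data/bin/dparser_stop
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/usr/bin/env ruby
-
-# Copyright (C) 2013 marco riccardi.
-# This file is part of Dorothy - http://www.honeynet.it/dorothy
-# See the file 'LICENSE' for copying permission.
-
-
-require 'rubygems'
-require 'trollop'
-require 'dorothy2'
-require 'doroParser'
-
-#load '../lib/doroParser.rb'
-#load '../lib/dorothy2.rb'
-
-
-
-include Dorothy
-include DoroParser
-
-conf = "#{File.expand_path("~")}/.dorothy.yml"
-DoroSettings.load!(conf)
-
-
-#Logging
-LOGGER_PARSER = DoroLogger.new(STDOUT, 'weekly')
-
-LOGGER = DoroLogger.new(STDOUT, 'weekly')
-
-DoroParser.stop
-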
@@ -1,39 +0,0 @@
|
|
1
|
-
---
|
2
|
-
dorothive:
|
3
|
-
dbuser: postgres
|
4
|
-
dbpass: password
|
5
|
-
dbhost: localhost
|
6
|
-
dbname: dorothive
|
7
|
-
ddl: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/ddl/dorothive.ddl
|
8
|
-
env:
|
9
|
-
geoip: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/geo/GeoLiteCity.dat
|
10
|
-
geoasn: /Users/akira/Codes/dorothy-gem-try/dorothy2/etc/geo/GeoIPASNum.dat
|
11
|
-
loglevel: 0
|
12
|
-
testmode: true
|
13
|
-
dtimeout: 3600
|
14
|
-
logfile_parser: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/log/parser.log
|
15
|
-
analysis_dir: /Users/akira/Codes/dorothy-gem-try/dorothy2/opt/analyzed
|
16
|
-
pidfile_parser: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/doroParser.pid
|
17
|
-
pidfile: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/dorothy.pid
|
18
|
-
logage: weekly
|
19
|
-
logfile: /Users/akira/Codes/dorothy-gem-try/dorothy2/var/log/dorothy.log
|
20
|
-
home: /Users/akira/Codes/dorothy-gem-try/dorothy2
|
21
|
-
esx:
|
22
|
-
user: "root"
|
23
|
-
pass: "Dorothy!?!"
|
24
|
-
host: "192.168.187.128"
|
25
|
-
sandbox:
|
26
|
-
screen1time: 1
|
27
|
-
sleeptime: 60
|
28
|
-
screen2time: 15
|
29
|
-
nam:
|
30
|
-
namuser: dorothy
|
31
|
-
pcaphome: ~/pcaps
|
32
|
-
nampass: ""
|
33
|
-
interface: eth0
|
34
|
-
namserver: ""
|
35
|
-
virustotal:
|
36
|
-
vtapikey: "c37baad50a42d7df3f91e957255a2c6a9deabe339c2ff44d4a637fff912def48"
|
37
|
-
|
38
|
-
|
39
|
-
|
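--- a/data/etc/extensions.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-#############################################
-### DOROTHY EXTENSION MANAGER #
-#############################################
-### Choose how do you want to open the the
-### binaries into the Sandbox VM.
-### You can add as much extensions as you
-### want.
-#############################################
----
-exe:
-prog_name: Windows CMD.exe
-prog_path: C:\windows\system32\cmd.exe
-prog_args: /C
-
-
-bat:
-prog_name: Windows CMD.exe
-prog_path: C:\windows\system32\cmd.exe
-prog_args: /C
-
-
-dll:
-prog_name: Windows Rundll32.exe
-prog_path: C:\windows\system32\rundll32.exe
-prog_args:
-
-html: # c:\Program Files\Internet Explorer\iexplore.exe" -new
-prog_name: Microsoft Explorer IEXPLORE.EXE
-prog_path: C:\windows\system32\cmd.exe
-prog_args: /C start "C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"
-
-#doc:
-# prog_name: Microsoft Word 2003
-# prog_path:
-# prog_args:
-
-#pdf:
-# prog_name: Acrobat Reader Version 1.0
-# prog_path:
-# prog_args:
-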