Техническая информация
Для обеспечения автозапуска и распространения
Модифицирует следующие ключи реестра
- [HKLM\Software\Classes\BRUfile\shell\open\command] '' = '"%ProgramFiles%\Bulk Rename Utility\Bulk Rename Utility.exe" "%L"'
Изменения в файловой системе
Создает следующие файлы
- %TEMP%\auta24b.tmp
- %TEMP%\~~th10_5.04967944207601.exe
- %TEMP%\is-btef0.tmp\~~th10_5.04967944207601.tmp
- %TEMP%\is-6be5b.tmp\_isetup\_setup64.tmp
- %TEMP%\is-6be5b.tmp\_isetup\_shfoldr.dll
- %ProgramFiles%\bulk rename utility\is-j9vlb.tmp
- %ProgramFiles%\bulk rename utility\is-2omol.tmp
- %ProgramFiles%\bulk rename utility\is-0bg9d.tmp
- %ProgramFiles%\bulk rename utility\is-3soed.tmp
- %ProgramFiles%\bulk rename utility\is-klbt0.tmp
- %ProgramFiles%\bulk rename utility\is-4ro25.tmp
- %ProgramFiles%\bulk rename utility\is-eoj97.tmp
- %ProgramFiles%\bulk rename utility\samples\is-sereo.tmp
- %ProgramFiles%\bulk rename utility\samples\is-k6cll.tmp
- %ProgramFiles%\bulk rename utility\samples\is-iokgh.tmp
- %ProgramFiles%\bulk rename utility\samples\is-12sg3.tmp
- %ProgramFiles%\bulk rename utility\samples\is-22gc3.tmp
- %ProgramFiles%\bulk rename utility\js\is-k4nfd.tmp
- %ProgramFiles%\bulk rename utility\js\is-v3lk9.tmp
- %TEMP%\is-6be5b.tmp\is-rtpht.tmp
- %ProgramFiles%\bulk rename utility\is-gan07.tmp
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\bulk rename utility\bulk rename utility.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\bulk rename utility\help file.lnk
- %ALLUSERSPROFILE%\microsoft\windows\start menu\programs\bulk rename utility\help file (pdf).lnk
- %ProgramFiles%\bulk rename utility\unins000.dat
Удаляет файлы, которые сам же создал
- %TEMP%\auta24b.tmp
- %TEMP%\is-6be5b.tmp\setacl.exe
- %TEMP%\is-6be5b.tmp\_isetup\_setup64.tmp
- %TEMP%\is-6be5b.tmp\_isetup\_shfoldr.dll
- %TEMP%\is-btef0.tmp\~~th10_5.04967944207601.tmp
- %TEMP%\~~th10_5.04967944207601.exe
Перемещает следующие файлы
- %ProgramFiles%\bulk rename utility\is-j9vlb.tmp в %ProgramFiles%\bulk rename utility\unins000.exe
- %ProgramFiles%\bulk rename utility\is-2omol.tmp в %ProgramFiles%\bulk rename utility\bulk rename utility.chm
- %ProgramFiles%\bulk rename utility\is-0bg9d.tmp в %ProgramFiles%\bulk rename utility\bulk rename utility.exe
- %ProgramFiles%\bulk rename utility\is-3soed.tmp в %ProgramFiles%\bulk rename utility\tips.txt
- %ProgramFiles%\bulk rename utility\is-klbt0.tmp в %ProgramFiles%\bulk rename utility\license.txt
- %ProgramFiles%\bulk rename utility\is-4ro25.tmp в %ProgramFiles%\bulk rename utility\bru_manual.pdf
- %ProgramFiles%\bulk rename utility\is-eoj97.tmp в %ProgramFiles%\bulk rename utility\bruchangelog.pdf
- %ProgramFiles%\bulk rename utility\samples\is-sereo.tmp в %ProgramFiles%\bulk rename utility\samples\convert filenames to upper-case and apply a fixed extension.bru
- %ProgramFiles%\bulk rename utility\samples\is-k6cll.tmp в %ProgramFiles%\bulk rename utility\samples\prefix filenames with a number.bru
- %ProgramFiles%\bulk rename utility\samples\is-iokgh.tmp в %ProgramFiles%\bulk rename utility\samples\prefix filenames with creation-date.bru
- %ProgramFiles%\bulk rename utility\samples\is-12sg3.tmp в %ProgramFiles%\bulk rename utility\samples\replace filename with a padded number.bru
- %ProgramFiles%\bulk rename utility\samples\is-22gc3.tmp в %ProgramFiles%\bulk rename utility\samples\replace spaces with underscores.bru
- %ProgramFiles%\bulk rename utility\js\is-k4nfd.tmp в %ProgramFiles%\bulk rename utility\js\date.js
- %ProgramFiles%\bulk rename utility\js\is-v3lk9.tmp в %ProgramFiles%\bulk rename utility\js\sugar.js
- %TEMP%\is-6be5b.tmp\is-rtpht.tmp в %TEMP%\is-6be5b.tmp\setacl.exe
- %ProgramFiles%\bulk rename utility\is-gan07.tmp в %ProgramFiles%\bulk rename utility\bruhere64.dll
Другое
Создает и запускает на исполнение
- '%TEMP%\~~th10_5.04967944207601.exe' /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-btef0.tmp\~~th10_5.04967944207601.tmp' /SL5="$90136,9286523,139776,%TEMP%\~~TH10_5.04967944207601.exe" /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /SP-
- '%TEMP%\is-6be5b.tmp\setacl.exe' "%ProgramFiles%\Bulk Rename Utility\Bulk Rename Utility.ini" /file /grant S-1-1-0 /full /sid /silent
Запускает на исполнение
- '<SYSTEM32>\regsvr32.exe' /s "%ProgramFiles%\Bulk Rename Utility\BRUhere64.dll"
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %temp% && md %temp% (со скрытым окном)
