PUA.Win32.CPInstall.A

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Este malware no tiene ninguna rutina de propagación.

Este malware no tiene ninguna rutina de puerta trasera.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Instalación

Agrega las carpetas siguientes:

• %Common Programs%\Media Player - Codec Pack
• %System%\Codecs
• %User Temp%\MPCP_FS_files
• %User Temp%\ns{Random Characters}.tmp

(Nota: %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows 2000(32-bit), XP, Server 2003(32-bit), Vista, 7, 8, 8.1, 2008(64-bit), 2012(64bit) y 10(64-bit) en C:\Windows\System32).

Este malware infiltra el/los siguiente(s) archivo(s):

• %Common Programs%\Media Player - Codec Pack\Codec Settings (Run as administrator).lnk
• %Common Programs%\Media Player - Codec Pack\Codec Settings.lnk
• %Common Programs%\Media Player - Codec Pack\Media Player Classic.lnk
• %Common Programs%\Media Player - Codec Pack\Package Homepage.url
• %Common Programs%\Media Player - Codec Pack\Uninstall.lnk
• %Common Startup%\CodecPackTrayMenu.lnk
• %System%\Codecs\AC3Lib.dll.new → renamed to AC3Lib.dll
• %System%\Codecs\AppDialog.exe.new → renamed to AppDialog.exe
• %System%\Codecs\AudioProfiler.exe.new → renamed to AudioProfiler.exe
• %System%\Codecs\CleanUp.exe.new → renamed to CleanUp.exe
• %System%\Codecs\CleanUp_x64.exe.new → renamed to CleanUp_x64.exe
• %System%\Codecs\CodecSettings.exe.new → renamed to CodecSettings.exe
• %System%\Codecs\CodecSettingsADMIN.exe.new → renamed to CodecSettingsADMIN.exe
• %System%\Codecs\CodecUACManager.exe.new → renamed to CodecUACManager.exe
• %System%\Codecs\Compressor.dll.new → renamed to Compressor.dll
• %System%\Codecs\Config.exe.new → renamed to Config.exe
• %System%\Codecs\D3DCompiler_47.dll
• %System%\Codecs\D3DX9_43.dll
• %System%\Codecs\DisableUpdateChecker.exe.new → renamed to DisableUpdateChecker.exe
• %System%\Codecs\LAVFilters\IntelQuickSyncDecoder.dll.new → renamed to IntelQuickSyncDecoder.dll
• %System%\Codecs\LAVFilters\LAVAudio.ax.new → renamed to LAVAudio.ax
• %System%\Codecs\LAVFilters\LAVFilters.Dependencies.manifest.new → renamed to LAVFilters.Dependencies.manifest
• %System%\Codecs\LAVFilters\LAVSplitter.ax.new → renamed to LAVSplitter.ax
• %System%\Codecs\LAVFilters\LAVVideo.ax.new → renamed to LAVVideo.ax
• %System%\Codecs\LAVFilters\avcodec-lav-58.dll.new → renamed to avcodec-lav-58.dll
• %System%\Codecs\LAVFilters\avfilter-lav-7.dll.new → renamed to avfilter-lav-7.dll
• %System%\Codecs\LAVFilters\avformat-lav-58.dll.new → renamed to avformat-lav-58.dll
• %System%\Codecs\LAVFilters\avresample-lav-4.dll.new → renamed to avresample-lav-4.dll
• %System%\Codecs\LAVFilters\avutil-lav-56.dll.new → renamed to avutil-lav-56.dll
• %System%\Codecs\LAVFilters\libbluray.dll.new → renamed to libbluray.dll
• %System%\Codecs\LAVFilters\swscale-lav-5.dll.new → renamed to swscale-lav-5.dll
• %System%\Codecs\Lang\mpcresources.ar.dll
• %System%\Codecs\Lang\mpcresources.be.dll
• %System%\Codecs\Lang\mpcresources.bn.dll
• %System%\Codecs\Lang\mpcresources.bs_BA.dll
• %System%\Codecs\Lang\mpcresources.ca.dll
• %System%\Codecs\Lang\mpcresources.cs.dll
• %System%\Codecs\Lang\mpcresources.da.dll
• %System%\Codecs\Lang\mpcresources.de.dll
• %System%\Codecs\Lang\mpcresources.el.dll
• %System%\Codecs\Lang\mpcresources.en_GB.dll
• %System%\Codecs\Lang\mpcresources.es.dll
• %System%\Codecs\Lang\mpcresources.eu.dll
• %System%\Codecs\Lang\mpcresources.fi.dll
• %System%\Codecs\Lang\mpcresources.fr.dll
• %System%\Codecs\Lang\mpcresources.gl.dll
• %System%\Codecs\Lang\mpcresources.he.dll
• %System%\Codecs\Lang\mpcresources.hr.dll
• %System%\Codecs\Lang\mpcresources.hu.dll
• %System%\Codecs\Lang\mpcresources.hy.dll
• %System%\Codecs\Lang\mpcresources.id.dll
• %System%\Codecs\Lang\mpcresources.it.dll
• %System%\Codecs\Lang\mpcresources.ja.dll
• %System%\Codecs\Lang\mpcresources.ko.dll
• %System%\Codecs\Lang\mpcresources.lt.dll
• %System%\Codecs\Lang\mpcresources.ms_MY.dll
• %System%\Codecs\Lang\mpcresources.nl.dll
• %System%\Codecs\Lang\mpcresources.pa.dll
• %System%\Codecs\Lang\mpcresources.pl.dll
• %System%\Codecs\Lang\mpcresources.pt_BR.dll
• %System%\Codecs\Lang\mpcresources.pt_PT.dll
• %System%\Codecs\Lang\mpcresources.ro.dll
• %System%\Codecs\Lang\mpcresources.ru.dll
• %System%\Codecs\Lang\mpcresources.sk.dll
• %System%\Codecs\Lang\mpcresources.sl.dll
• %System%\Codecs\Lang\mpcresources.sr.dll
• %System%\Codecs\Lang\mpcresources.sv.dll
• %System%\Codecs\Lang\mpcresources.th_TH.dll
• %System%\Codecs\Lang\mpcresources.tr.dll
• %System%\Codecs\Lang\mpcresources.tt.dll
• %System%\Codecs\Lang\mpcresources.uk.dll
• %System%\Codecs\Lang\mpcresources.vi.dll
• %System%\Codecs\Lang\mpcresources.zh_CN.dll
• %System%\Codecs\Lang\mpcresources.zh_TW.dll
• %System%\Codecs\MPCP.ico
• %System%\Codecs\NotifyDisplayChange.exe.new → renamed to NotifyDisplayChange.exe
• %System%\Codecs\ReClock.dll.new → renamed to ReClock.dll
• %System%\Codecs\ReClockDS.dll.new → renamed to ReClockDS.dll
• %System%\Codecs\ReClockHelper.dll.new → renamed to ReClockHelper.dll
• %System%\Codecs\Resampler.dll.new → renamed to Resampler.dll
• %System%\Codecs\RunEvent.SetDisplayFrequency.sample.vbs.new → renamed to RunEvent.SetDisplayFrequency.sample.vbs
• %System%\Codecs\RunEvent.sample.vbs.new → renamed to RunEvent.sample.vbs
• %System%\Codecs\SetACL.exe
• %System%\Codecs\Shaders\"0-255 to 16-235.hlsl"
• %System%\Codecs\Shaders\"16-235 to 0-255 [SD].hlsl"
• %System%\Codecs\Shaders\"16-235 to 0-255.hlsl"
• %System%\Codecs\Shaders\"Adaptive sharpen.hlsl"
• %System%\Codecs\Shaders\"BT.601 to BT.709 [HD].hlsl"
• %System%\Codecs\Shaders\"Deinterlace (blend).hlsl"
• %System%\Codecs\Shaders\"Edge sharpen.hlsl"
• %System%\Codecs\Shaders\"LCD angle correction.hlsl"
• %System%\Codecs\Shaders\"Sharpen complex 2.hlsl"
• %System%\Codecs\Shaders\"Sharpen complex.hlsl"
• %System%\Codecs\Shaders\"YV12 chroma upsampling.hlsl"
• %System%\Codecs\Shaders\Denoise.hlsl
• %System%\Codecs\Shaders\Grayscale.hlsl
• %System%\Codecs\Shaders\Invert.hlsl
• %System%\Codecs\Shaders\Letterbox.hlsl
• %System%\Codecs\Shaders\LumaSharpen.hlsl
• %System%\Codecs\Shaders\Nightvision.hlsl
• %System%\Codecs\Shaders\Procamp.hlsl
• %System%\Codecs\Shaders\Sepia.hlsl
• %System%\Codecs\Shaders\Sharpen.hlsl
• %System%\Codecs\Shaders\Threshold.hlsl
• %System%\Codecs\Timestretch.dll.new → renamed to Timestretch.dll
• %System%\Codecs\TrayMenu.exe.new → renamed to TrayMenu.exe
• %System%\Codecs\Uninst.exe
• %System%\Codecs\Uninst.exe.new → renamed to Uninst.exe
• %System%\Codecs\UpdateChecker.exe.new → renamed to UpdateChecker.exe
• %System%\Codecs\mpc-hc.exe
• %System%\Codecs\mpciconlib.dll
• %System%\DCBassSourceMod.ax.new → renamed to DCBassSourceMod.ax
• %System%\DSDOUT_VIDEO.bmp.new → renamed to DSDOUT_VIDEO.bmp
• %System%\DSDProcessUnit.dll.new → renamed to DSDProcessUnit.dll
• %System%\DSDSourceFilter.ax.new → renamed to DSDSourceFilter.ax
• %System%\DSDToPCMFilter.ax.new → renamed to DSDToPCMFilter.ax
• %System%\DSDVideoOutFilter.ax.new → renamed to DSDVideoOutFilter.ax
• %System%\DiscHandler.exe.new → renamed to DiscHandler.exe
• %System%\DivXa32.acm.new → renamed to DivXa32.acm
• %System%\FLWindowsVistaAPI.dll.new → renamed to FLWindowsVistaAPI.dll
• %System%\Formats.ini.new → renamed to Formats.ini
• %System%\IcarosCache.dll
• %System%\IcarosCache.dll.new → renamed to IcarosCache.dll
• %System%\IcarosConfig.exe.new → renamed to IcarosConfig.exe
• %System%\IcarosPropertyHandler.dll
• %System%\IcarosPropertyHandler.dll.new → renamed to IcarosPropertyHandler.dll
• %System%\IcarosThumbnailProvider.dll
• %System%\IcarosThumbnailProvider.dll.new → renamed to IcarosThumbnailProvider.dll
• %System%\IcarosUICore.dll.new → renamed to IcarosUICore.dll
• %System%\IntelQuickSyncDecoder.dll.new → renamed to IntelQuickSyncDecoder.dll
• %System%\LAVAudio.ax.new → renamed to LAVAudio.ax
• %System%\LAVFilters.Dependencies.manifest.new → renamed to LAVFilters.Dependencies.manifest.dll
• %System%\LAVSplitter.ax.new → renamed to LAVSplitter.ax
• %System%\LAVVideo.ax.new → renamed to LAVVideo.ax
• %System%\Lagarith.dll.new → renamed to Lagarith.dll
• %System%\OptimFROG.dll.new → renamed to OptimFROG.dll
• %System%\PCMOUT_VIDEO_1644.bmp.new → renamed to PCMOUT_VIDEO_1644.bmp
• %System%\PCMOUT_VIDEO_2496.bmp.new → renamed to PCMOUT_VIDEO_2496.bmp
• %System%\TomsMoComp_ff.dll.new → renamed to TomsMoComp_ff.dll
• %System%\VSFilter.dll.new → renamed to VSFilter.dll
• %System%\VzCs.dll.new → renamed to VzCs.dll
• %System%\VzCsDsAudioDevice.vzcs.classinfo.new → VzCsDsAudioDevice.vzcs.classinfo
• %System%\VzCsDsAudioDevice.vzcs.new → renamed to VzCsDsAudioDevice.vzcs
• %System%\avcodec-ics-58.dll
• %System%\avcodec-ics-58.dll.new → renamed to avcodec-ics-58.dll
• %System%\avcodec-lav-58.dll.new → renamed to avcodec-lav-58.dll
• %System%\avfilter-lav-7.dll.new → renamed to avfilter-lav-7.dll
• %System%\avformat-ics-58.dll
• %System%\avformat-ics-58.dll.new → renamed to avformat-ics-58.dll
• %System%\avformat-lav-58.dll.new → renamed to avformat-lav-58.dll
• %System%\avi.dll.new → renamed to avi.dll
• %System%\avi.x64.dll.new → renamed to avi.x64.dll
• %System%\avresample-lav-4.dll.new → renamed to avresample-lav-4.dll
• %System%\avs.dll.new → renamed to avs.dll
• %System%\avss.dll.new → renamed to avss.dll
• %System%\avutil-ics-56.dll
• %System%\avutil-ics-56.dll.new → renamed to avutil-ics-56.dll
• %System%\avutil-lav-56.dll.new → renamed to avutil-lav-56.dll
• %System%\bass.dll.new → renamed to bass.dll
• %System%\bass_aac.dll.new → renamed to bass_aac.dll
• %System%\bass_alac.dll.new → renamed to bass_alac.dll
• %System%\bass_ape.dll.new → renamed to bass_ape.dll
• %System%\bass_mpc.dll.new → renamed to bass_mpc.dll
• %System%\bass_ofr.dll.new → renamed to bass_ofr.dll
• %System%\bass_tak.dll.new → renamed to bass_tak.dll
• %System%\bass_tta.dll.new → renamed to bass_tta.dll
• %System%\basscd.dll.new → renamed to basscd.dll
• %System%\bassflac.dll.new → renamed to bassflac.dll
• %System%\bassopus.dll.new → renamed to bassopus.dll
• %System%\basswv.dll.new → renamed to basswv.dll
• %System%\cdxareader.ax.new → renamed to cdxareader.ax
• %System%\cue2xml.js.new → renamed to cue2xml.js
• %System%\dsmux.exe.new → renamed to dsmux.exe
• %System%\dsmux.x64.exe.new → renamed to dsmux.x64.exe
• %System%\dxr.dll.new → renamed to dxr.dll
• %System%\dxr.x64.dll.new → renamed to dxr.x64.dll
• %System%\ff_kernelDeint.dll.new → renamed to ff_kernelDeint.dll
• %System%\ff_liba52.dll.new → renamed to ff_liba52.dll
• %System%\ff_libdts.dll.new → renamed to ff_libdts.dll
• %System%\ff_libfaad2.dll.new → renamed to ff_libfaad2.dll
• %System%\ff_libmad.dll.new → renamed to ff_libmad.dll
• %System%\ff_samplerate.dll.new → renamed to ff_samplerate.dll
• %System%\ff_unrar.dll.new → renamed to ff_unrar.dll
• %System%\ff_wmv9.dll.new → renamed to ff_wmv9.dll
• %System%\ffdshow.ax.new → renamed to ffdshow.ax
• %System%\ffmpeg.dll.new → renamed to ffmpeg.dll
• %System%\gdsmux.exe.new → renamed to gdsmux.exe
• %System%\gdsmux.x64.exe.new → renamed to gdsmux.x64.exe
• %System%\libFLAC.dll.new → renamed to libFLAC.dll
• %System%\libbluray.dll.new → renamed to libbluray.dll
• %System%\libmmd.dll.new → renamed to libmmd.dll
• %System%\libmpeg2_ff.dll.new → renamed to libmpeg2_ff.dll
• %System%\madFlac.ax.new → renamed to madFlac.ax
• %System%\mkunicode.dll.new → renamed to mkunicode.dll
• %System%\mkunicode.x64.dll.new → renamed to mkunicode.x64.dll
• %System%\mkv2vfr.exe.new → renamed to mkv2vfr.exe
• %System%\mkv2vfr.x64.exe.new → renamed to mkv2vfr.x64.exe
• %System%\mkx.dll.new → renamed to mkx.dll
• %System%\mkx.x64.dll.new → renamed to mkx.x64.dll
• %System%\mkzlib.dll.new → renamed to mkzlib.dll
• %System%\mkzlib.x64.dll.new → renamed to mkzlib.x64.dll
• %System%\mp4.dll.new → renamed to mp4.dll
• %System%\mp4.x64.dll.new → renamed to mp4.x64.dll
• %System%\msvcp71.dll
• %System%\msvcp80.dll
• %System%\msvcr71.dll
• %System%\msvcr80.dll
• %System%\ogm.dll.new → renamed to ogm.dll
• %System%\ogm.x64.dll.new → renamed to ogm.x64.dll
• %System%\splitter.ax.new → renamed to splitter.ax
• %System%\splitter.x64.ax.new → renamed to splitter.x64.ax
• %System%\swscale-ics-5.dll
• %System%\swscale-ics-5.dll.new → renamed to swscale-ics-5.dll
• %System%\swscale-lav-5.dll.new → renamed to swscale-lav-5.dll
• %System%\tak_deco_lib.dll.new → renamed to tak_deco_lib.dll
• %System%\ts.dll.new → renamed to ts.dll
• %System%\ts.x64.dll.new → renamed to ts.x64.dll
• %System%\x264vfw.dll.new → renamed to x264vfw.dll
• %System%\xvidcore.dll.new → renamed to xvidcore.dll
• %System%\xvidvfw.dll.new → renamed to xvidvfw.dll
• %User Temp%\ns{random}.tmp
• %User Temp%\ns{random}.tmp\UserInfo.dll
• %User Temp%\ns{random}.tmp\System.dll
• %User Temp%\ns{random}.tmp\easy.ini
• %User Temp%\ns{random}.tmp\video.ini
• %User Temp%\ns{random}.tmp\video_hardware.ini
• %User Temp%\ns{random}.tmp\audio.ini
• %User Temp%\ns{random}.tmp\InstallOptions.dll
• %System Root%\unstart.ini → added after uninstallation process

(Nota: %Common Startup% es la carpeta de inicio común del sistema, que en el caso de Windows 98 y ME suele estar en C:\Windows\Menú Inicio\Programas\Inicio, en el caso de Windows NT en C:\WINNT\Profiles\All Users\Programas\Inicio y en el caso de Windows 2000, XP y Server 2003 en C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio).

Agrega los procesos siguientes:

• %System%\Codecs\TrayMenu.exe

(Nota: %System% es la carpeta del sistema de Windows, que en el caso de Windows 98 y ME suele estar en C:\Windows\System, en el caso de Windows NT y 2000 en C:\WINNT\System32 y en el caso de Windows 2000(32-bit), XP, Server 2003(32-bit), Vista, 7, 8, 8.1, 2008(64-bit), 2012(64bit) y 10(64-bit) en C:\Windows\System32).

Técnica de inicio automático

Crea las siguientes entradas de registro para activar la ejecución automática del componente infiltrado cada vez que arranque el sistema:

HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Run
Codec Pack Update Checker = %System%\Codecs\UpdateChecker.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Run
Codec Settings UAC Manager = %System%\Codecs\CodecUACManager.exe

Otras modificaciones del sistema

Agrega las siguientes entradas de registro:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows Media Foundation\ByteStreamHandlers\.m4a
{271C3902-6095-4c45-A22F-20091816EE9E}_disabled = MPEG4 Byte Stream Handler

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{31435641-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{31435657-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{31637661-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{34363248-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{34363268-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{44495658-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{5634504D-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{58564944-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{64697678-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{7634706D-0000-0010-8000-00AA00389B71} = {SID}

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
DirectShow\Preferred
{78766964-0000-0010-8000-00AA00389B71} = {SID}

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\acm\msacm.divxa32
Description = "DivX Audio Codec"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\acm\msacm.divxa32
Driver = DivXa32.acm

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\acm\msacm.divxa32
FriendlyName = "DivX Audio Codec"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.lags
Description = "Lagarith lossless codec [LAGS]"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.lags
Driver = lagarith.dll

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.lags
FriendlyName = "Lagarith lossless codec [LAGS]"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.x264
Description = "x264 Video Codec"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.x264
Driver = x264vfw.dll

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.x264
FriendlyName = "x264 Video Codec"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.xvid
Description = "XviD 1.3.7 Video Codec"

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.xvid
Driver = xvidvfw.dll

HKEY_LOCAL_MACHINESYSTEM\CurrentControlSet\Control\
MediaResources\icm\vidc.xvid
FriendlyName = "XviD 1.3.7 Video Codec"

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ogmfile\shellex\PropertySheetHandlers\
HaaliMediaSplitter

Propagación

Este malware no tiene ninguna rutina de propagación.

Rutina de puerta trasera

Este malware no tiene ninguna rutina de puerta trasera.

Otros detalles

Agrega las siguientes entradas de registro para añadir una opción de desinstalación al Panel de control:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Media Player - Codec Pack
DisplayIcon = %System%\Codecs\.\MPCP.ico,0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Media Player - Codec Pack
DisplayName = Media Player Codec Pack 4.5.7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Media Player - Codec Pack
DisplayVersion = 4.5.7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Media Player - Codec Pack
UninstallString = %System%\Codecs\Uninst.exe

Agrega las siguientes entradas de registro como parte de la rutina de instalación:

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Gabest (Contains configuration for Gabest VSFilter used for processing subtitles)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\GNU\
{ffdshow and ffdshow64} (Contains configuration for ffdshow used for encoding and decoding different video formats)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\GNU\
{ffdshow_audio and ffdshow64_audio} (Contains configuration for ffdshow used for encoding and decoding audio formats)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\GNU\
{ffdshow_dxva and ffdshow64_dxva} (Contains configuration for ffdshow_dxva used for encoding and decoding DXVA video formats)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\LAV (Contains configuration for LAV used for encoding and decoding different media formats)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
MediaPlayer (Contains configuration for Windows Media Player)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
Multimedia\WMPlayer (Contains configuration for Windows Media Player)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\3dtv.at\
Stereoscopic Player (Contains configuration for Stereoscopic Player)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\NVIDIA Corporation\
NVIDIA 3D Vision Video Player (Contains configuration for NVIDIA 3D Vision Video Player)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\MPC-HC\
MPC-HC (Contains configuration for MPC-HC Player)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Sony Corporation\
DSD Playback DirectShow Filters (Contains configuration for DSD Playback DirectShow Filters)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Sony Corporation\
DSD to PCM Playback DirectShow Filters (Contains configuration for DSD to PCM Playback DirectShow Filters)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Icaros (Contains configuration for Icaros video thumbnail software)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
Media Player - Codec Pack (Contains uninstall information for the installed application)

{HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER}\Software\Media Player - Codec Pack (Contains information for the installed application)

HKEY_LOCAL_MACHINE\SOFTWARE\Software\
CLASSES\MatroskaVideo (Contains configuration for Matroska video formats)

HKEY_LOCAL_MACHINE\SOFTWARE\{Haali and HaaliMkx} (Contains configuration for Haali and HaaliMkx Media Splitter)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
{Windows or Windows NT}\CurrentVersion\{drivers.desc and drivers32} (Contains configuration for Windows multimedia drivers)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Media Type\{e436eb83-524f-11ce-9f53-0020af0ba770}\{49952F4C-3EDC-4A9B-8906-1DE02A3D4BC2} (Contains additional configuration for Haali Media splitter)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\MSPlayBluRayOnArrival (Contains configuration for autoplay handlers)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
AutoplayHandlers\Handlers\MSPlayDVDMovieOnArrival (Contains configuration for autoplay handlers)

HKEY_CURRENT_USER\Software\ReClock (Contains configuration for the Reclock component of the installed application)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
ogmfile\shellex\PropertySheetHandlers\
HaaliMediaSplitter (for Haali Media Splitter Usage)

{HKEY_LOCAL_MACHINE\SOFTWARE\Classes or HKEY_CLASSES_ROOT}\
{.mka, .mkv and ogmfile} (for MatroskaVideo Usage)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{083863F1-70DE-11D0-BD40-00A0C911CE86}\Instance\
{B98D13E7-55DB-4385-A33D-09FD1BA26338} (for LAV Splitter Source Usage)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338} (for LAV Splitter Source Usage)

HKEY_CLASSES_ROOT\CLSID\{B98D13E7-55DB-4385-A33D-09FD1BA26338} (for LAV Splitter Source Usage)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HKEY_CURRENT_USER (added if Uninstallation option is used)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HKEY_CURRENT_USER\SOFTWARE (added if Uninstallation option is used)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HKEY_CURRENT_USER\SOFTWARE\DSP-worx (added if Uninstallation option is used)

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
HKEY_CURRENT_USER\SOFTWARE\DSP-worx\
DC-Bass Source Mod (added if Uninstallation option is used)

Hace lo siguiente:

• It may opt to shutdown the system after installation.
• It connects to the following URL to send information and receive ad configuration:
  • https://d2cp8mgeqj97lj.{BLOCKED}ront.net/sec
  • https://d2cp8mgeqj97lj.{BLOCKED}ront.net/assets/schema/1.0/schema.xsd
• It connects to the following URL to download and load resources in memory
  • https://d3j6hg32mwjrha.{BLOCKED}ront.net/ver/il/v9.24.527.231.6
• It connects to the following URL to send installation analytics:
  • https://d2cp8mgeqj97lj.{BLOCKED}ront.net/report
• It may display different ads depending on the received configuration from its list of connected URLs.
• It sends the following information to its list of connected URLs:
  • Install status
  • Operating system version
  • Locale
  • Memory size
  • Flag if executed on x64 architecture
  • Execution mode
  • Generated ID and session ID
• It contains pre-checked checkboxes that toggle which components to install.