Popup - https://apptradefair.com/landingpage/noisewear6/?session=61549f058ffc2368262b6a1f56f939d4
Program installs the Siggen12 trojan, according to VirusTotal - https://www.virustotal.com/gui/file/24d7c71d82c108644ceb74d7399e79f3238f42fdbbcedc4cb00251106f242aba/detection
The </s>.msi<e> file contains this </s>.exe<e>
VirusTotal
This one, despite being flagged by twice as many vendors, also opens the registry keys:
</s>HKLM\SOFTWARE\Policies\Microsoft\Windows Defender<e>
</s>HKLM\SOFTWARE\Microsoft\Windows Defender<e>
</s>HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\MpEngine<e>
Definitely malware.
Also, their site says that it is an “ad mediator” (yeah, right…) and the link no longer works.