PUA.Win32.MulSetup.THA

 Modified by: Bren Matthew Ebriega

 ALIASES:

HEUR:Downloader.Win32.MulSetup.gen (KASPERSKY); Downloader.MulSetup (VBA32)

 PLATFORM:

Windows

  • Threat Type: Potentially Unwanted Application

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

Infection Channel:

Downloaded from the Internet

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It connects to certain websites to send and receive information.

  TECHNICAL DETAILS

File Size:

423,040 bytes

File Type:

EXE

Memory Resident:

No

Initial Samples Received Date:

13 Apr 2020

Payload:

Connects to URLs/IPs, Displays windows

Arrival Details

This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Potentially Unwanted Application drops the following files:

  • %User Temp%\multi_setup.log → contains download config chosen
  • %User Temp%\msetup\msetup.json → log containing program events

(Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000 (32-bit), XP, and Server 2003 (32-bit), or C:\Users\{user name}\AppData\Local\Temp on Windows Vista, 7, 8, 8.1, 2008 (64-bit), 2012 (64-bit) and 10 (64-bit).)

It creates the following folders:

  • %User Temp%\msetup
  • %User Temp%\msetup\icons

It adds the following mutexes to ensure that only one of its copies runs at any one time:

  • MulSetup

Download Routine

This Potentially Unwanted Application accesses the following websites to download files:

  • https://api.{BLOCKED}p.pro/icons/icons.cab - %User Temp%\msetup\5e8c8366-a94d4.cab (Icons)

It downloads files from the following URLs and renames them when they are stored on the affected system:

  • [Development]
    • http:\\cdn3.msetup.download\jdk-13.0.1_windows-x64_bin.exe(Java Development Kit)
  • [Drivers]
    • http:\\cdn3.msetup.download\PhysX-9.16.0318-SystemSoftware.exe(NVIDIA PhysX System Software)
  • [Games]
    • http:\\cdn3.msetup.download\gg\gg_client.exe(Desktop Games)
    • http:\\cdn3.msetup.download\Installer_oscar.exe(Oscar Editor)
    • http:\\cdn3.msetup.download\GameCenterLoader_6c5ca0636d67c4812bb8f6b118d97bfc.exe(Game Center Mail.ru)
    • http:\\cdn3.msetup.download\VimeWorld.exe(VimeWorld)
    • http:\\cdn3.msetup.download\TLauncher-2.66-Installer-0.5.2.exe(Minecraft TLauncher)
    • http:\\cdn3.msetup.download\TLauncher-2.66-Installer-0.5.2.exe(TLauncher)
    • http:\\cdn3.msetup.download\pbsetup.zip(PunkBuster)
  • [Internet, Games]
    • http:\\cdn3.msetup.download\dw\EpicInstaller-7.16.0.msi.zip(Epic Games Launcher)
  • [Internet]
    • http:\\cdn3.msetup.download\dw\Yandex.exe(Yandex Browser)
    • http:\\cdn3.msetup.download\dw\Opera_45.0.2552.812_Setup-Original.exe(Opera)
    • https:\\download.adguard.com\d\29737\adguardInstaller.exe(Adguard)
    • http:\\cdn3.msetup.download\Skype-8.40.0.70.exe(Skype)
    • http:\\cdn3.msetup.download\dw\telegram_1.1.23.exe(Telegram)
    • http:\\cdn3.msetup.download\dw\SteamSetup.exe(Steam)
    • http:\\cdn3.msetup.download\dw\WhatsAppSetup.exe(WhatsApp)
    • http:\\cdn3.msetup.download\dw\DiscordSetup.exe(Discord)
    • http:\\cdn3.msetup.download\ViberSetup.exe(Viber)
    • http:\\cdn3.msetup.download\dw\SFHelper.exe(Savefrom.net)
    • http:\\cdn3.msetup.download\uTorrent.exe(uTorrent)
    • http:\\cdn3.msetup.download\dw\Ammyy-Admin-3.5-Corporate-DC.zip(Ammyy Admin)
    • http:\\cdn3.msetup.download\torbrowser-install-9.0.2_ru.exe(Tor Browser)
    • http:\\cdn3.msetup.download\dw\EIE11_RU-RU_MCM_WIN7.EXE(Internet Explorer)
    • http:\\cdn3.msetup.download\install_flash_player-FireFoX.exe(Adobe Flash Player)
    • http:\\cdn3.msetup.download\TeamViewer_Setup.exe(TeamViewer)
    • http:\\cdn3.msetup.download\dw\Firefox_Setup_55.0.3.exe(Mozilla Firefox)
    • http:\\cdn3.msetup.download\dw\GlazTV-Setup-v1.02.exe(GlazTV)
    • http:\\cdn3.msetup.download\dw\Google_Earth_Pro.exe(Google Earth)
    • http:\\cdn3.msetup.download\dw\IpTvPlayer-setup.exe(IP-TV Player)
    • http:\\cdn3.msetup.download\dw\vksaver-install.exe(VKSaver)
    • http:\\cdn3.msetup.download\dw\2GISShell_3.16.3.0.msi.zip(2GIS)
    • http:\\cdn3.msetup.download\dw\SafariSetup.exe(Safari)
    • http:\\cdn3.msetup.download\dw\VKMusic_4.77.1.exe(VKMusic)
    • http:\\cdn3.msetup.download\dw\raidcall_ru_v8.2.0.exe(RaidCall)
    • http:\\cdn3.msetup.download\dw\OBS-Studio-22.0.2-Full-Installer-x64.exe(OBS Studio)
    • http:\\cdn3.msetup.download\dw\TeamSpeak3-Client-win32-3.1.6.exe(TeamSpeak 3)
    • http:\\cdn3.msetup.download\dw\VirtualRouterInstaller.zip(Virtual Router)
    • http:\\cdn3.msetup.download\dw\drugvokrug_win.exe(Drug Vokrug)
    • http:\\cdn3.msetup.download\dw\UnityWebPlayer.exe(Unity Web Player)
    • http:\\cdn3.msetup.download\dw\dmaster.exe(Download Master)
    • http:\\cdn3.msetup.download\dw\PCRADIO_5.0.2.exe(PCRadio)
    • http:\\cdn3.msetup.download\dw\YandexDiskSetupRu.exe(Yandex Disk)
    • http:\\cdn3.msetup.download\dw\OriginThinSetup.exe(Origin)
    • http:\\cdn3.msetup.download\dw\hamachi_2.2.0.328.msi(Hamachi)
    • http:\\cdn3.msetup.download\dw\TunnelBear-Installer.exe(TunnelBear)
    • http:\\cdn3.msetup.download\dw\googledrivefilestream.exe(Google Drive)
    • http:\\cdn3.msetup.download\dotNetFx45_Full_setup.exe(NET Framework)
    • http:\\cdn3.msetup.download\MicrosoftEdgeSetupBeta.exe(Microsoft Edge)
    • http:\\cdn3.msetup.download\dw\openvpn-install-2.4.6-I602.exe(OpenVPN)
    • http:\\cdn3.msetup.download\dw\Supremo.exe(Supremo)
    • http:\\cdn3.msetup.download\dw\YTDSetup.exe(YouTube Downloader)
    • http:\\cdn3.msetup.download\dw\K-Meleon75.1.exe(K-Meleon)
    • http:\\cdn3.msetup.download\dw\Disk-O_setup.exe(Cloud Mail.ru)
    • http:\\cdn3.msetup.download\dw\Amigo.exe(Amigo)
    • http:\\cdn3.msetup.download\TLauncher-2.66-Installer-0.5.2.exe(TLauncher)
    • http:\\cdn3.msetup.download\dw\icq.exe(ICQ)
    • http:\\cdn3.msetup.download\ChromeSetup.exe(Google Chrome)
    • http:\\cdn3.msetup.download\SASPlanet_181221.zip(SAS Planet 2019)
    • http:\\cdn3.msetup.download\dw\UC_Browser_7.0.69.1022.exe(UC Browser)
    • http:\\cdn3.msetup.download\dw\FileZilla_Server-0_9_60_2.exe(FileZilla)
    • http:\\cdn3.msetup.download\dw\mx_5.1.3.2000.exe(Maxthon)
    • http:\\cdn3.msetup.download\dw\HotspotShield-7.4.2-328881.exe(Hotspot Shield)
    • http:\\cdn3.msetup.download\dw\Thunderbird_Setup_52.4.0.exe(Mozilla Thunderbird)
    • http:\\cdn3.msetup.download\dw\MyPublicWiFi.exe(MyPublicWiFi)
    • http:\\cdn3.msetup.download\dw\idman630build7.exe(Internet Download Manager)
    • http:\\cdn3.msetup.download\dw\tvpcstp.exe(TV Player Classic)
    • http:\\cdn3.msetup.download\dw\LINE.exe(LINE)
    • http:\\cdn3.msetup.download\dw\DropboxInstaller.exe(Dropbox)
    • http:\\cdn3.msetup.download\dw\DCPlusPlus_0.867.exe(DC++)
    • http:\\cdn3.msetup.download\dw\UplayInstaller.exe(Uplay)
    • http:\\cdn3.msetup.download\dw\The_Bat!_8.0.14.exe(The Bat!)
    • http:\\cdn3.msetup.download\dw\Silverlight.exe(Silverlight)
    • http:\\cdn3.msetup.download\dw\qbittorrent_4.0.2_setup.exe(qBittorrent)
    • http:\\cdn3.msetup.download\dw\WeChat_C1018.exe(WeChat)
    • http:\\cdn3.msetup.download\dw\eMule0.50a-Installer.exe(eMule)
    • http:\\cdn3.msetup.download\qip2012b.exe(QIP 2012)
    • http:\\cdn3.msetup.download\dw\AnyDesk.exe(AnyDesk)
    • http:\\cdn3.msetup.download\dw\ooVoo-Setup.exe(ooVoo)
    • http:\\cdn3.msetup.download\dw\SlackSetup.x64.exe(Slack)
    • http:\\cdn3.msetup.download\dw\PuTTY-0.66-RU-16.zip(PuTTY)
    • http:\\cdn3.msetup.download\dw\ZelloSetup.exe(Zello)
    • http:\\cdn3.msetup.download\dw\charles_proxy_4.2.1win32x64.zip(Charles)
    • http:\\cdn3.msetup.download\dw\palemoon-28.1.0.win32.installer.exe(Pale Moon)
    • http:\\cdn3.msetup.download\dw\WinSCP_5.11.3.exe(WinSCP)
    • http:\\cdn3.msetup.download\dw\Transmission-2.94.zip(Transmission)
    • http:\\cdn3.msetup.download\dw\Vivaldi_1.13.1008.34.exe(Vivaldi)
    • http:\\cdn3.msetup.download\dw\Evernote_6.15.4.7934.exe(Evernote)
    • http:\\cdn3.msetup.download\dw\CFSetup456.exe(Clownfish)
    • http:\\cdn3.msetup.download\dw\Radmin_3.5.2.1_RU.zip(Radmin)
    • http:\\cdn3.msetup.download\BitTorrent.exe(BitTorrent)
    • http:\\cdn3.msetup.download\chrome-win.zip(Chromium)
    • http:\\cdn3.msetup.download\TeamViewer_Setup.exe(TeamViewer)
    • http:\\cdn3.msetup.download\SharemanSetup.exe(Shareman)
    • https:\\zoom.us\client\latest\ZoomInstaller.exe(Zoom)
    • http:\\cdn3.msetup.download\qip2005_build_8095.exe(QIP 2005)
    • http:\\cdn3.msetup.download\QIP_infium_3.0_9044_Rus_Setup.exe(QIP Infium)
  • [Multimedia, Development]
    • http:\\cdn3.msetup.download\SketchBook_8.6.0.0_Win64.exe(Autodesk Sketchbook Pro)
  • [Multimedia]
    • http:\\cdn3.msetup.download\dw\SAI-1.2.5-rus.zip(Paint Tool SAI)
    • http:\\cdn3.msetup.download\DirectX-dxwebsetup.exe(DirectX)
    • http:\\cdn3.msetup.download\dw\bdcamsetup.exe(Bandicam)
    • http:\\cdn3.msetup.download\dw\wmp11-windowsxp-x86-RU-RU.exe(Windows Media Player)
    • http:\\cdn3.msetup.download\dw\K-Lite_Codec_Pack_1400_Mega.exe(K-Lite Codec Pack)
    • http:\\cdn3.msetup.download\dw\KMPlayer_4.1.5.8.exe(KMPlayer)
    • http:\\cdn3.msetup.download\dw\aimp_4.13.1895.exe(Aimp)
    • http:\\cdn3.msetup.download\dw\Vista_Windows7_Windows8_Windows8.1_Windows10_Driver.exe(Realtek HD)
    • http:\\cdn3.msetup.download\dw\SketchUp_Pro_2017_v17.2.2555_(x64)_Final.exe(SketchUp)
    • http:\\cdn3.msetup.download\vlc-3.0.8-win32.zip(VLC Media Player)
    • http:\\cdn3.msetup.download\dw\Windows_Live_Movie_Maker.exe(Windows Movie Maker)
    • http:\\cdn3.msetup.download\dw\nvidia-Inspector-1.9.7.8.zip(NVIDIA Inspector)
    • http:\\cdn3.msetup.download\dw\388.71_desktop_notebook_win8_win7_32.exe(NVIDIA GeForce)
    • http:\\cdn3.msetup.download\flstudio_win_20.1.2.887.exe(FL Studio)
    • http:\\cdn3.msetup.download\dw\Apache_OpenOffice_4.1.4_Win_x86_install_ru.exe(OpenOffice)
    • http:\\cdn3.msetup.download\dw\MorphVOX-Pro-4.4.17-Deluxe.zip(MorphVOX Pro)
    • http:\\cdn3.msetup.download\dw\vppsetup.exe(VideoPad Video Editor)
    • http:\\cdn3.msetup.download\dw\NVIDIA_PhysX_System_Software_9.17.0524.exe(NVIDIA PhysX)
    • http:\\cdn3.msetup.download\dw\paint_net_4.0.19rus.exe(Paint.NET)
    • http:\\cdn3.msetup.download\dw\WinampPRO_v5.666.3516.exe(Winamp)
    • http:\\cdn3.msetup.download\PinnacleStudio16_Trial_Setup.exe(Pinnacle Studio)
    • http:\\cdn3.msetup.download\dw\Xvid-1.3.4-20150621.exe(Xvid Video Codec)
    • http:\\cdn3.msetup.download\dw\blender-2.78c-windows32.msi(Blender)
    • http:\\cdn3.msetup.download\dw\gimp-2.8.22-setup.exe(GIMP)
    • http:\\cdn3.msetup.download\dw\picasa39-setup.exe(Picasa)
    • http:\\cdn3.msetup.download\dw\Format.Factory.4.6.0.2.exe(Format Factory)
    • http:\\cdn3.msetup.download\dw\FSViewer.exe(FastStone Image Viewer)
    • http:\\cdn3.msetup.download\dw\Fraps_3.5.99.15618.exe(Fraps)
    • http:\\cdn3.msetup.download\GOMPlayer.exe(GOM Player)
    • http:\\cdn3.msetup.download\dw\audacity_win_2.1.3.exe(Audacity)
    • http:\\cdn3.msetup.download\dw\iTools_3.rar(iTools)
    • http:\\cdn3.msetup.download\dw\Movavi_Video_Editor_Plus_14.1.1.exe(Movavi Video Editor)
    • http:\\cdn3.msetup.download\dw\Setup-SopCast-4.2.0-2016-5-26.exe(SopCast)
    • http:\\cdn3.msetup.download\dw\GeForce_Experience_v3.15.0.164.exe(GeForce Experience)
    • http:\\cdn3.msetup.download\dw\Photodex-ProShow-Producer-v9.0.3797-Final.zip(Proshow Producer)
    • http:\\cdn3.msetup.download\dw\radeon-software-adrenalin.exe(AMD Catalyst Control Center)
    • http:\\cdn3.msetup.download\dw\FastStone-Capture-8.3.exe(FastStone Capture)
    • http:\\cdn3.msetup.download\dw\Wondershare-Filmora-8.7.5.0-64-bit.zip(Wondershare Filmora)
    • http:\\cdn3.msetup.download\dw\FreemakeVideoConverterSetup.exe(Freemake Video Converter)
    • http:\\cdn3.msetup.download\dw\JAD8105_PLUS_VX.exe(JetAudio)
    • http:\\cdn3.msetup.download\dw\SweetHome3D_5.6_windows.exe(Sweet Home 3D)
    • http:\\cdn3.msetup.download\dw\setup-lightshot.exe(Lightshot)
    • http:\\cdn3.msetup.download\dw\SmithMicro_Moho_Pro_12.2_Build_21774.zip(Anime Studio Pro)
    • http:\\cdn3.msetup.download\dw\shotcut-win64-180102.exe(Shortcut)
    • http:\\cdn3.msetup.download\dw\FurMark_1.19.1.0_Setup.exe(FurMark)
    • http:\\cdn3.msetup.download\dw\PotPlayerSetup.exe(Daum PotPlayer)
    • http:\\cdn3.msetup.download\dw\PhotoScapeSetup_V3-7.exe(Photoscape)
    • http:\\cdn3.msetup.download\dw\XnView_win_full.exe(XnView)
    • http:\\cdn3.msetup.download\dw\DivXInstaller_free.exe(DivX)
    • http:\\cdn3.msetup.download\dw\LA_Setup_v4.10.2.exe(Light Alloy)
    • http:\\cdn3.msetup.download\dw\vuex3296.exe(VueScan)
    • http:\\cdn3.msetup.download\dw\iview450_setup.exe(IrfanView)
    • http:\\cdn3.msetup.download\dw\krita-3.3.2-x86-setup.exe(Krita)
    • http:\\cdn3.msetup.download\MovaviScreenCaptureSetupC.exe(Movavi Screen Recorder Studio)
    • http:\\cdn3.msetup.download\dw\RocketDock-v1.3.5.exe(RocketDock)
    • http:\\cdn3.msetup.download\dw\Video-Editor-Pro.zip(Free Video Editor)
    • http:\\cdn3.msetup.download\dw\FreeStudio_6.6.39.707_o.exe(Free Studio)
    • http:\\cdn3.msetup.download\dw\VirtualDub.v1.10.4.exe(VirtualDub)
    • http:\\cdn3.msetup.download\CameraRaw_11_3_win.zip(Adobe Camera Raw)
    • http:\\cdn3.msetup.download\dw\Grass_Valley_EDIUS.zip(Edius)
    • http:\\cdn3.msetup.download\pstagesetup.exe(PhotoStage Slideshow Producer)
    • http:\\cdn3.msetup.download\dw\avidemux_2.7.0_win32.exe(Avidemux)
    • http:\\cdn3.msetup.download\dw\Music-Maker-2016-Premium.zip(Magix Music Maker)
    • http:\\cdn3.msetup.download\dw\Rainmeter-4.2.exe(Rainmeter)
    • http:\\cdn3.msetup.download\MovaviVideoConverterSetupC.exe(Movavi Video Converter)
    • http:\\cdn3.msetup.download\dw\ZunePackage.exe(Zune)
    • http:\\cdn3.msetup.download\dw\Inkscape-0.92.1-1.exe(Inkscape)
    • http:\\cdn3.msetup.download\Cockos_REAPER.zip(Cockos reaper)
    • http:\\cdn3.msetup.download\dw\HomeBank-5.2.2-setup.exe(HomeBank)
    • http:\\cdn3.msetup.download\dw\Miro-6.0.exe(MIRO)
    • https:\\www.az-partners.net\apps\comboplayer\download?ap=677(ComboPlayer)
    • http:\\cdn3.msetup.download\foobar2000_v1.4.8.exe(foobar2000)
    • http:\\cdn3.msetup.download\sunvox-1.9.4c.zip(SunVox)
    • http:\\cdn3.msetup.download\mp3tagv299asetup.exe(Mp3tag)
  • [Office Applications]
    • http:\\cdn3.msetup.download\WinZip.Pro-23.0.13431.zip(WinZip)
    • http:\\cdn3.msetup.download\MathType-7.4.1.458.zip(MathType)
    • http:\\cdn3.msetup.download\soda-pdf-setup.exe(Soda PDF)
    • http:\\cdn3.msetup.download\ScanToolSetup.zip(ScanTool Pro 1.0)
    • http:\\cdn3.msetup.download\SpravkiBKsetup_ver._2.4.1.msi(BK Help)
    • http:\\cdn3.msetup.download\WinScan2PDF.zip(WinScan2PDF)
    • http:\\cdn3.msetup.download\kumir2-2.1.0-rc7-install.exe(Kumir)
    • http:\\cdn3.msetup.download\ScreenToGif.2.17.1.Portable.zip(ScreenToGif)
    • http:\\cdn3.msetup.download\screen_scissors.zip(Screen Scissors)
    • http:\\cdn3.msetup.download\ScanLiteSetupVer1_1.exe(ScanLite)
  • [Security, Internet]
    • http:\\cdn3.msetup.download\dw\pplus.exe(Proxy Plus)
  • [System, Development]
    • http:\\cdn3.msetup.download\ideaIU-2019.1.2.exe(IntelliJ IDEA)
  • [System, Drivers]
    • http:\\cdn3.msetup.download\dw\instspeedfan452.exe(SpeedFan)
    • https:\\www.az-partners.net\apps\driver-hub\download?ap=677(DriverHub)
  • [System, Games]
    • http:\\cdn3.msetup.download\dw\RazerGameBoosterSetup_4.2.45.0.exe(Razer Game Booster)
  • [System]
    • http:\\cdn3.msetup.download\dw\avast_free_antivirus_setup_online.exe(Avast Free Antivirus)
    • http:\\cdn3.msetup.download\wrar570.exe(WinRAR)
    • http:\\cdn3.msetup.download\winrar-x64-570.exe(WinRAR 64 bit)
    • http:\\cdn3.msetup.download\dw\freepdfreader.exe(PDF Reader)
    • http:\\cdn3.msetup.download\dw\BlueStacks_Installer_BS3.exe(BlueStacks)
    • http:\\cdn3.msetup.download\dw\Total_Commander_9.12_Final.zip(Total Commander)
    • http:\\cdn3.msetup.download\dw\driver_booster_setup.exe(Driver Booster Free)
    • http:\\cdn3.msetup.download\readerdc_ru_a_install.zip(Adobe Reader)
    • http:\\cdn3.msetup.download\dw\iTunesSetup.exe(iTunes)
    • http:\\cdn3.msetup.download\dw\clean_master_1_1.exe(Clean Master)
    • http:\\cdn3.msetup.download\dw\7z1604.exe(7-Zip)
    • http:\\cdn3.msetup.download\dw\nox_setup_v6.0.1.0_full_intl.exe(Nox App Player)
    • http:\\cdn3.msetup.download\dw\DjVuReader.2.0.0.26.rus.zip(DjVu reader)
    • http:\\cdn3.msetup.download\dw\memreduct-3.3-setup.exe(Mem Reduct)
    • http:\\cdn3.msetup.download\dw\MSI_Afterburner_4.4.0_Final_Rus.exe(MSI Afterburner)
    • http:\\cdn3.msetup.download\dw\VirtualBox_5.2.2_119230_Win.exe(VirtualBox)
    • http:\\cdn3.msetup.download\dw\SHAREit.exe(SHAREit)
    • http:\\cdn3.msetup.download\dw\rufus-2.18.exe(Rufus)
    • http:\\cdn3.msetup.download\dw\ArtMoney_8.00_SE.exe(ArtMoney)
    • http:\\cdn3.msetup.download\dw\Scratch_458.0.1.exe(Scratch)
    • http:\\cdn3.msetup.download\dw\MSEInstall_x86.exe(Microsoft Security Essentials)
    • http:\\cdn3.msetup.download\kfa18.0.0.405en_full.exe(Kaspersky Free)
    • http:\\cdn3.msetup.download\360TS_Setup_Mini_WW_Installpro_CPS202001_6.6.0.1053.exe(360 Total Security)
    • http:\\cdn3.msetup.download\dw\eav_nt32.exe(NOD32)
    • http:\\cdn3.msetup.download\dw\FastComputer.exe(Fast Computer)
    • http:\\cdn3.msetup.download\dw\npp.7.4.1.32-86Installer.exe(Notepad++)
    • http:\\cdn3.msetup.download\dw\Intel-Driver-and-Support-Assistant-Installer.exe(Intel Driver)
    • http:\\cdn3.msetup.download\dw\Dr-Web-CureIt-02-01-2018.exe(Dr.Web CureIt!)
    • http:\\cdn3.msetup.download\dw\adwcleaner_7.0.8.0.exe(AdwCleaner)
    • http:\\cdn3.msetup.download\dw\rcsetup153.exe(Recuva)
    • http:\\cdn3.msetup.download\dw\cpu-z_1.81-en.exe(CPU-Z)
    • http:\\cdn3.msetup.download\Xpadder.v5.7.zip(Xpadder)
    • http:\\cdn3.msetup.download\dw\cr3_win32_qt_opengl_3.3.61.zip(Cool Reader)
    • http:\\cdn3.msetup.download\dw\Nokia_PC_Suite_7.1.180.94_rus.exe(Nokia PC Suite)
    • http:\\cdn3.msetup.download\dw\CrystalDiskInfo_7.5.1.exe(CrystalDiskInfo)
    • http:\\cdn3.msetup.download\dw\Victoria_HDD_446.exe(Victoria HDD)
    • http:\\cdn3.msetup.download\dw\ClassicShellSetup_4_3_1-ru.exe(Classic Shell)
    • http:\\cdn3.msetup.download\dw\chemaxrus188.exe(CheMax)
    • http:\\cdn3.msetup.download\dw\Andy_46.16_66_x86.exe(Andy)
    • http:\\cdn3.msetup.download\vc_redist.x64.exe(Microsoft Visual C++ x64)
    • http:\\cdn3.msetup.download\JavaSetup8u211.exe(Java 8 Runtime)
    • http:\\cdn3.msetup.download\dw\PuntoSwitcherSetup.exe(Punto Switcher)
    • http:\\cdn3.msetup.download\dw\KiesSetup.exe(Samsung Kies)
    • http:\\cdn3.msetup.download\dw\hr.exe(HDD Regenerator)
    • http:\\cdn3.msetup.download\dw\IVT_BlueSoleil_10.0.497.0.zip(BlueSoleil)
    • http:\\cdn3.msetup.download\vc_redist.x86.exe(Microsoft Visual C++ x86)
    • http:\\cdn3.msetup.download\dw\FBReaderSetup_0.12.10.exe(FBReader)
    • http:\\cdn3.msetup.download\dw\ASUS_BIOS_Live_Update.zip(ASUS Update)
    • http:\\cdn3.msetup.download\dw\mcafee_trial_setup_433.0207_key.exe(Mcafee)
    • http:\\cdn3.msetup.download\dw\KingoRootSetup_1.5.5.3207.exe(Kingo Root)
    • http:\\cdn3.msetup.download\dw\MediaCreationTool1809.exe(Media Creation Tool)
    • http:\\cdn3.msetup.download\dw\HDDLLFsetup_4.40.zip(HDD Low LevelFormat Tool)
    • http:\\cdn3.msetup.download\dw\arduino-1.8.5-windows.exe(Arduino)
    • http:\\cdn3.msetup.download\Win_10_Tweaker_14.3.exe(Win 10 Tweaker Pro)
    • http:\\cdn3.msetup.download\dw\MultiBoot.exe(MultiBoot)
    • http:\\cdn3.msetup.download\dw\LibreOffice_5.4.4_Win_x86.msi.zip(LibreOffice)
    • http:\\cdn3.msetup.download\fpsmon-5075.exe(FPS Monitor)
    • http:\\cdn3.msetup.download\avg_tuneup_setup.exe(AVG PC TuneUp)
    • http:\\cdn3.msetup.download\dw\RazerCortexSetup_8.4.17.561.exe(Razer Cortex)
    • http:\\cdn3.msetup.download\DDU_v18.0.2.1.exe(Display Driver Uninstaller)
    • http:\\cdn3.msetup.download\dw\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7565.exe(Malwarebytes Anti-Malware)
    • http:\\cdn3.msetup.download\dw\SetupImgBurn_2.5.8.0.exe(ImgBurn)
    • http:\\cdn3.msetup.download\dw\WiseCare_PRO_365_4.7.5.458.exe(Wise Care 365 Pro)
    • http:\\cdn3.msetup.download\dw\Foxit_Reader_9.0.exe(Foxit Reader)
    • http:\\cdn3.msetup.download\dw\Glary_Utilities_5.89.0.110.exe(Glary Utilities)
    • http:\\cdn3.msetup.download\dw\CPU_Control.zip(CPU Control)
    • http:\\cdn3.msetup.download\dw\DG_Setup.exe(Driver Genius)
    • http:\\cdn3.msetup.download\dw\CrystalDiskInfo8_0_0.exe(CrystalDiskMark)
    • http:\\cdn3.msetup.download\GPU-Z.2.21.0.exe(GPU-Z)
    • http:\\cdn3.msetup.download\dw\testdisk-7.1-win.zip(TestDisk)
    • http:\\cdn3.msetup.download\dw\Core-Temp-setup.exe(Core Temp)
    • http:\\cdn3.msetup.download\dw\eclipse-inst-win64.exe(Eclipse)
    • http:\\cdn3.msetup.download\oalinst.exe(OpenAL)
    • http:\\cdn3.msetup.download\dw\Far30b5100.x86.20171126.msi(FAR Manager)
    • http:\\cdn3.msetup.download\dw\hetman_partition_recovery.exe(Hetman Partition Recovery)
    • http:\\cdn3.msetup.download\CleanMyPC.exe(CleanMyPC)
    • http:\\cdn3.msetup.download\dw\calibre-3.16.0.msi(Calibre)
    • http:\\cdn3.msetup.download\PAssist_Std.exe(AOMEI Partition Assistant)
    • http:\\cdn3.msetup.download\dw\Kerish_Doctor_4.65.exe(Kerish Doctor)
    • http:\\cdn3.msetup.download\dw\mhdd32ver4.6.iso(MHDD)
    • http:\\cdn3.msetup.download\dw\stduviewer.exe(STDU Viewer)
    • http:\\cdn3.msetup.download\dw\Sublime_Text_Build_3176_Setup.exe(Sublime Text)
    • http:\\cdn3.msetup.download\dw\fb2reader.zip(FB2 Reader)
    • http:\\cdn3.msetup.download\dw\HWMonitor_x32_1.31_Rus.exe(HWMonitor)
    • http:\\cdn3.msetup.download\dw\ActiveSync.msi(ActiveSync)
    • http:\\cdn3.msetup.download\dw\rivatuner.zip(RivaTuner)
    • http:\\cdn3.msetup.download\dw\HDDScan_v4.0.zip(HDDScan)
    • http:\\cdn3.msetup.download\IObit-Malware-Fighter-Setup.exe(IObit Malware Fighter)
    • http:\\cdn3.msetup.download\dw\Eraser_6.2.0.2979.exe(Eraser)
    • http:\\cdn3.msetup.download\dw\Antivirus_Free_x86_1819.exe(AVG Antivirus)
    • http:\\cdn3.msetup.download\dw\Internet_Security_x86_1821.exe(AVG Internet Security)
    • http:\\cdn3.msetup.download\reiboot.exe(Tenorshare ReiBoot)
    • http:\\cdn3.msetup.download\ProcessExplorer.zip(Process Explorer)
    • http:\\cdn3.msetup.download\dw\Firebird_Win32.exe(Firebird)
    • http:\\cdn3.msetup.download\litemanager_4.9.zip(Litemanager Pro)
    • http:\\cdn3.msetup.download\Unlocker_1.9.2.exe(Unlocker)
    • http:\\cdn3.msetup.download\Uninstall_Tool.zip(Uninstall Tool)
    • http:\\cdn3.msetup.download\reg-organizer-setup.exe(Reg Organizer)
    • http:\\cdn3.msetup.download\RStudio8.exe(R-Studio)
    • http:\\cdn3.msetup.download\Novicorp_WinToFlash_Pro_v1.12.0.exe(WinToFlash)
    • http:\\cdn3.msetup.download\WinSetupFromUSB-1-9.exe(WinSetupFromUSB)
    • http:\\cdn3.msetup.download\EasyBCD_2.4.exe(EasyBCD)
    • http:\\cdn3.msetup.download\AutoHotkey_1.1.30.03_setup.exe(AutoHotkey)
    • http:\\cdn3.msetup.download\MemTest.zip(MemTest)
    • http:\\cdn3.msetup.download\parkcontrolsetup64.exe(ParkControl 64bit)
    • http:\\cdn3.msetup.download\dxcpl.zip(Dxcpl)
    • http:\\cdn3.msetup.download\microsoftvisualcpp.zip(Microsoft VisualC++ Full)
    • http:\\cdn3.msetup.download\RegCleaner736.exe(TweakNow RegCleaner)

It saves the files it downloads using the following names:

  • Default {Download Folder} is %User Profile%\Downloads\Downloads msetup
  • [Development]
    • {Download Folder}\java-development-kit.exe
  • [Drivers]
    • {Download Folder}\physx-nvidia.exe
  • [Games]
    • {Download Folder}\desktop-games.exe
    • {Download Folder}\oscar-editor.exe
    • {Download Folder}\games-mail-ru.exe
    • {Download Folder}\vimeworld.exe
    • {Download Folder}\minecraft-tlauncher.exe
    • {Download Folder}\tlauncher.exe
    • {Download Folder}\punk-buster.exe
  • [Internet, Games]
    • {Download Folder}\epic-games-launcher.exe
  • [Internet]
    • {Download Folder}\yandex-browser.exe
    • {Download Folder}\opera.exe
    • {Download Folder}\adguard.exe
    • {Download Folder}\skype.exe
    • {Download Folder}\telegram.exe
    • {Download Folder}\steam.exe
    • {Download Folder}\whatsapp.exe
    • {Download Folder}\discord.exe
    • {Download Folder}\viber.exe
    • {Download Folder}\savefrom.exe
    • {Download Folder}\utorrent.exe
    • {Download Folder}\ammyy-admin.exe
    • {Download Folder}\tor.exe
    • {Download Folder}\internet-explorer.exe
    • {Download Folder}\adobe-flash-player.exe
    • {Download Folder}\team-viewer.exe
    • {Download Folder}\firefox.exe
    • {Download Folder}\glaz-tv.exe
    • {Download Folder}\google-earth.exe
    • {Download Folder}\ip-tv-player.exe
    • {Download Folder}\vksaver.exe
    • {Download Folder}\2gis.exe
    • {Download Folder}\safari.exe
    • {Download Folder}\vkmusic.exe
    • {Download Folder}\raidcall.exe
    • {Download Folder}\obs-studio.exe
    • {Download Folder}\teamspeak.exe
    • {Download Folder}\virtual-router.exe
    • {Download Folder}\drug-vokrug.exe
    • {Download Folder}\unity-web-player.exe
    • {Download Folder}\download-master.exe
    • {Download Folder}\pcradio.exe
    • {Download Folder}\yandex-disk.exe
    • {Download Folder}\origin.exe
    • {Download Folder}\hamachi.exe
    • {Download Folder}\tunnelbear.exe
    • {Download Folder}\google-drive.exe
    • {Download Folder}\microsoft-net-framework.exe
    • {Download Folder}\microsoft-edge.exe
    • {Download Folder}\openvpn.exe
    • {Download Folder}\supremo.exe
    • {Download Folder}\youtube-downloader.exe
    • {Download Folder}\k-meleon.exe
    • {Download Folder}\cloud-mail.exe
    • {Download Folder}\amigo.exe
    • {Download Folder}\tlauncherorg.exe
    • {Download Folder}\icq.exe
    • {Download Folder}\google-chrome.exe
    • {Download Folder}\sas-planeta-2019.exe
    • {Download Folder}\uc_browser.exe
    • {Download Folder}\filezilla.exe
    • {Download Folder}\maxthon.exe
    • {Download Folder}\hotspot-shield.exe
    • {Download Folder}\mozilla-thunderbird.exe
    • {Download Folder}\mypublicwifi.exe
    • {Download Folder}\internet-download-manager.exe
    • {Download Folder}\tv-player-classic.exe
    • {Download Folder}\line.exe
    • {Download Folder}\dropbox.exe
    • {Download Folder}\dc_plus_plus.exe
    • {Download Folder}\uplay.exe
    • {Download Folder}\the-bat.exe
    • {Download Folder}\silverlight.exe
    • {Download Folder}\qbittorrent.exe
    • {Download Folder}\wechat.exe
    • {Download Folder}\emule.exe
    • {Download Folder}\qip.exe
    • {Download Folder}\anydesk.exe
    • {Download Folder}\oovoo.exe
    • {Download Folder}\slack.exe
    • {Download Folder}\putty.exe
    • {Download Folder}\zello.exe
    • {Download Folder}\charles.exe
    • {Download Folder}\pale-moon.exe
    • {Download Folder}\winscp.exe
    • {Download Folder}\transmission.exe
    • {Download Folder}\vivaldi.exe
    • {Download Folder}\evernote.exe
    • {Download Folder}\clownfish.exe
    • {Download Folder}\radmin.exe
    • {Download Folder}\bittorrent.exe
    • {Download Folder}\chromium.exe
    • {Download Folder}\teamviewer.exe
    • {Download Folder}\shareman.exe
    • {Download Folder}\zoom.exe
    • {Download Folder}\qip-2005.exe
    • {Download Folder}\qip-infium.exe
  • [Multimedia, Development]
    • {Download Folder}\autodesk-sketchbook-pro.exe
  • [Multimedia]
    • {Download Folder}\paint-tool-sai.exe
    • {Download Folder}\directx.exe
    • {Download Folder}\bandicam.exe
    • {Download Folder}\windows-media-player.exe
    • {Download Folder}\k-lite.exe
    • {Download Folder}\kmplayer.exe
    • {Download Folder}\aimp.exe
    • {Download Folder}\realtek-hd.exe
    • {Download Folder}\sketchup.exe
    • {Download Folder}\vlc.exe
    • {Download Folder}\livemoviemaker.exe
    • {Download Folder}\nvidia-inspector.exe
    • {Download Folder}\nvidia-geforce.exe
    • {Download Folder}\fl-studio.exe
    • {Download Folder}\openoffice.exe
    • {Download Folder}\morphvox-pro.exe
    • {Download Folder}\videopad-video-editor.exe
    • {Download Folder}\nvidia-physx.exe
    • {Download Folder}\paintnet.exe
    • {Download Folder}\winamp.exe
    • {Download Folder}\pinnacle-studio.exe
    • {Download Folder}\xvid.exe
    • {Download Folder}\blender.exe
    • {Download Folder}\gimp.exe
    • {Download Folder}\picasa.exe
    • {Download Folder}\format-factory.exe
    • {Download Folder}\faststone_image_viewer.exe
    • {Download Folder}\fraps.exe
    • {Download Folder}\gom-player.exe
    • {Download Folder}\audacity.exe
    • {Download Folder}\itools.exe
    • {Download Folder}\movavi-video-editor.exe
    • {Download Folder}\sopcast.exe
    • {Download Folder}\geforce-experience.exe
    • {Download Folder}\proshow-producer.exe
    • {Download Folder}\amd-catalyst-control-center.exe
    • {Download Folder}\faststone-capture.exe
    • {Download Folder}\wondershare-filmora.exe
    • {Download Folder}\freemake-video-converter.exe
    • {Download Folder}\jetaudio.exe
    • {Download Folder}\sweet-home-3d.exe
    • {Download Folder}\lightshot.exe
    • {Download Folder}\anime-studio-pro.exe
    • {Download Folder}\shotcut.exe
    • {Download Folder}\furmark.exe
    • {Download Folder}\daum-potplayer.exe
    • {Download Folder}\photoscape.exe
    • {Download Folder}\xnview.exe
    • {Download Folder}\divx.exe
    • {Download Folder}\light-alloy.exe
    • {Download Folder}\vuescan.exe
    • {Download Folder}\irfanview.exe
    • {Download Folder}\krita.exe
    • {Download Folder}\movavi-screen-recorder.exe
    • {Download Folder}\rocketdock.exe
    • {Download Folder}\free-video-editor.exe
    • {Download Folder}\free-studio.exe
    • {Download Folder}\virtualdub.exe
    • {Download Folder}\adobe-camera-raw.exe
    • {Download Folder}\edius.exe
    • {Download Folder}\photostage-slideshow-producer.exe
    • {Download Folder}\avidemux.exe
    • {Download Folder}\magix-music-maker.exe
    • {Download Folder}\rainmeter.exe
    • {Download Folder}\movavi-video-converter.exe
    • {Download Folder}\zune.exe
    • {Download Folder}\inkscape.exe
    • {Download Folder}\cockos-reaper.exe
    • {Download Folder}\homebank.exe
    • {Download Folder}\miro.exe
    • {Download Folder}\comboplayer.exe
    • {Download Folder}\foobar2000.exe
    • {Download Folder}\sunvox.exe
    • {Download Folder}\mp3tag.exe
  • [Office Applications]
    • {Download Folder}\winzip.exe
    • {Download Folder}\mathtype.exe
    • {Download Folder}\soda-pdf.exe
    • {Download Folder}\scantool.exe
    • {Download Folder}\spravki-bk.exe
    • {Download Folder}\winscan2pdf.exe
    • {Download Folder}\kumir.exe
    • {Download Folder}\screentogif.exe
    • {Download Folder}\ekrannie-nozshnitsi.exe
    • {Download Folder}\scanlite.exe
  • [Security, Internet]
    • {Download Folder}\proxy-plus.exe
  • [System, Development]
    • {Download Folder}\intellij-idea.exe
  • [System, Drivers]
    • {Download Folder}\speedfan.exe
    • {Download Folder}\driverhub.exe
  • [System, Games]
    • {Download Folder}\razer-game-booster.exe
  • [System]
    • {Download Folder}\avast-free-antivirus.exe
    • {Download Folder}\winrar.exe
    • {Download Folder}\winrar-32-64-bit.exe
    • {Download Folder}\pdf-reader.exe
    • {Download Folder}\bluestacks.exe
    • {Download Folder}\total-commander.exe
    • {Download Folder}\driver-booster-free.exe
    • {Download Folder}\adobe-reader.exe
    • {Download Folder}\itunes.exe
    • {Download Folder}\clean-master.exe
    • {Download Folder}\7-zip.exe
    • {Download Folder}\nox-app-player.exe
    • {Download Folder}\djvu-reader.exe
    • {Download Folder}\mem-reduct.exe
    • {Download Folder}\msi-afterburner.exe
    • {Download Folder}\virtualbox.exe
    • {Download Folder}\shareit.exe
    • {Download Folder}\rufus.exe
    • {Download Folder}\artmoney.exe
    • {Download Folder}\scratch.exe
    • {Download Folder}\microsoft-security-essentials.exe
    • {Download Folder}\kaspersky-free.exe
    • {Download Folder}\360-total-security.exe
    • {Download Folder}\nod32.exe
    • {Download Folder}\uskoritel-komputera.exe
    • {Download Folder}\notepad.exe
    • {Download Folder}\intel-driver.exe
    • {Download Folder}\dr-web-cuteit.exe
    • {Download Folder}\adwcleaner.exe
    • {Download Folder}\recuva.exe
    • {Download Folder}\cpu-z.exe
    • {Download Folder}\xpadder.exe
    • {Download Folder}\cool-reader.exe
    • {Download Folder}\nokia-pc-suite.exe
    • {Download Folder}\crystaldiskinfo.exe
    • {Download Folder}\victoria-hdd.exe
    • {Download Folder}\classic-shell.exe
    • {Download Folder}\chemax.exe
    • {Download Folder}\andy.exe
    • {Download Folder}\ms-vc-redist-x64.exe
    • {Download Folder}\java.exe
    • {Download Folder}\punto-switcher.exe
    • {Download Folder}\samsung-kies.exe
    • {Download Folder}\hdd-regenerator.exe
    • {Download Folder}\bluesoleil.exe
    • {Download Folder}\ms-vc-redist-x86.exe
    • {Download Folder}\fbreader.exe
    • {Download Folder}\asus.exe
    • {Download Folder}\mcafee.exe
    • {Download Folder}\kingo-root.exe
    • {Download Folder}\media-creation-tool.exe
    • {Download Folder}\hdd-low-level-format-tool.exe
    • {Download Folder}\arduino.exe
    • {Download Folder}\win-10-tweaker-pro.exe
    • {Download Folder}\multiboot.exe
    • {Download Folder}\libreoffice.exe
    • {Download Folder}\fps-monitor.exe
    • {Download Folder}\avg-pc-tuneup.exe
    • {Download Folder}\razer-cortex.exe
    • {Download Folder}\display-driver-uninstaller.exe
    • {Download Folder}\malwarebytes-anti-malware.exe
    • {Download Folder}\imgburn.exe
    • {Download Folder}\wise-care-365-pro.exe
    • {Download Folder}\foxitreader.exe
    • {Download Folder}\glary-utilities.exe
    • {Download Folder}\cpu-control.exe
    • {Download Folder}\driver-genius.exe
    • {Download Folder}\crystaldiskmark.exe
    • {Download Folder}\gpu-z.exe
    • {Download Folder}\testdisk.exe
    • {Download Folder}\core-temp.exe
    • {Download Folder}\eclipse.exe
    • {Download Folder}\openal.exe
    • {Download Folder}\far-manager.exe
    • {Download Folder}\hetman-partition-recovery.exe
    • {Download Folder}\cleanmypc.exe
    • {Download Folder}\calibre.exe
    • {Download Folder}\aomei-partition-assistant.exe
    • {Download Folder}\kerish-doctor.exe
    • {Download Folder}\mhdd.exe
    • {Download Folder}\stdu-viewer.exe
    • {Download Folder}\sublime-text.exe
    • {Download Folder}\fb2-reader.exe
    • {Download Folder}\hwmonitor.exe
    • {Download Folder}\activesync.exe
    • {Download Folder}\rivatuner.exe
    • {Download Folder}\hddscan.exe
    • {Download Folder}\iobit-malware-fighter.exe
    • {Download Folder}\eraser.exe
    • {Download Folder}\avg-antivirus.exe
    • {Download Folder}\avg-internet-security.exe
    • {Download Folder}\tenorshare-reiboot.exe
    • {Download Folder}\process-explorer.exe
    • {Download Folder}\firebird.exe
    • {Download Folder}\litemanager-pro.exe
    • {Download Folder}\unlocker.exe
    • {Download Folder}\uninstall-tool.exe
    • {Download Folder}\reg-organizer.exe
    • {Download Folder}\r-studio.exe
    • {Download Folder}\wintoflash.exe
    • {Download Folder}\winsetupfromusb.exe
    • {Download Folder}\easybcd.exe
    • {Download Folder}\autohotkey.exe
    • {Download Folder}\memtest.exe
    • {Download Folder}\parkcontrol-64bit.exe
    • {Download Folder}\dxcpl.exe
    • {Download Folder}\msvcpp-redist-full.exe
    • {Download Folder}\tweaknow-regcleaner

(Note: %User Profile% is the current user's profile folder, which is usually C:\Documents and Settings\{user name} on Windows 2000(32-bit), XP, and Server 2003(32-bit), or C:\Users\{user name} on Windows Vista, 7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).)

Other Details

This Potentially Unwanted Application connects to the following website to send and receive information:

  • https://api.{BLOCKED}p.pro

It does the following:

  • Shows the following when executed:
    • Выбор программ → Program Selection
    • Рекомендации и подтверждение → Recommendations and confirmation
      • Pressing the button on the left downloads and installs Avast with the chosen programs
    • Процессе загрузки → Download process
      • Checking the checkboxes downloads and installs Yandex

  SOLUTION

Minimum Scan Engine:

9.850

SSAPI PATTERN File:

2.277.00

SSAPI PATTERN Date:

16 Apr 2020

Step 1

Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.

Step 2

Note that not all files, folders, and registry keys and entries are installed on your computer during this malware's/spyware's/grayware's execution. This may be due to incomplete installation or other operating system conditions. If you do not find the same files/folders/registry information, please proceed to the next step.

Step 3

Search and delete these folders

Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden folders in the search result.
  • %User Temp%\msetup
  • %User Temp%\msetup\icons

Step 4

Search and delete these files

There may be some files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %User Temp%\multi_setup.log
  • %User Temp%\msetup\msetup.json
  • %User Temp%\5e8c8366-a94d4.cab

Step 5

Scan your computer with your Trend Micro product to delete files detected as PUA.Win32.MulSetup.THA. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:

