File name:

Madium-Launcher.exe

Full analysis: https://app.any.run/tasks/4afab0fc-5733-4519-8508-af6dc24634f6
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 03, 2026, 08:57:11
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
github
rust
loader
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32+ executable (console) x86-64, for MS Windows, 10 sections
MD5:

B6A989CA0E54D320516E476952805CD0

SHA1:

F2ACA808016392BEF6BBFDC9E71CD008A0D4B408

SHA256:

2EE90A1EA33CABB04324C4C81FBF5E10324555DAA15A5CE1CCA057C12E61B096

SSDEEP:

98304:Xs0/YbjLQLzPShX3y9+FX1Wq1nk3LwtiXNfwaMPnfYrAkzwfbEXm7qMMNxwosU33:A/q5ZKB2Us6Qo1NxqDEExSq735

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 14832)
    • Potential DLL hijacking behavior detected

      • msedgewebview2.exe (PID: 12448)
  • SUSPICIOUS

    • Hides command output

      • cmd.exe (PID: 4328)
    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 4328)
      • cmd.exe (PID: 8156)
      • cmd.exe (PID: 9904)
      • cmd.exe (PID: 15292)
    • Uses TASKKILL.EXE to kill process

      • cmd.exe (PID: 4328)
    • Reads the date of Windows installation

      • Madium-Launcher.exe (PID: 3340)
      • Madium-Launcher.exe (PID: 7960)
      • Madium-Launcher.exe (PID: 15212)
    • Executable content was dropped or overwritten

      • Madium-Launcher.exe (PID: 3340)
      • MicrosoftEdgeWebView2RuntimeInstallerX86.exe (PID: 14332)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeWebview_X86_146.0.3856.97.exe (PID: 10504)
      • setup.exe (PID: 9220)
      • MicrosoftEdgeWebview2Setup.exe (PID: 13540)
      • MicrosoftEdge_X64_146.0.3856.97.exe (PID: 12776)
      • setup.exe (PID: 14476)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 12828)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 12828)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9108)
      • MicrosoftEdgeUpdate.exe (PID: 14144)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7960)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 10892)
    • The process drops C-runtime libraries

      • setup.exe (PID: 9220)
      • setup.exe (PID: 14476)
    • Searches for installed software

      • setup.exe (PID: 9220)
      • setup.exe (PID: 14476)
    • Application launched itself

      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • msedgewebview2.exe (PID: 12736)
  • INFO

    • Manual execution by a user

      • msedge.exe (PID: 3324)
      • Madium-Launcher.exe (PID: 6812)
      • Madium-Launcher.exe (PID: 7960)
      • Madium-Launcher.exe (PID: 7928)
      • Madium-Launcher.exe (PID: 15212)
    • Reads the machine GUID from the registry

      • Madium-Launcher.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • Madium-Launcher.exe (PID: 7960)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • Madium-Launcher.exe (PID: 15212)
      • msedgewebview2.exe (PID: 12736)
    • Checks supported languages

      • Madium-Launcher.exe (PID: 3340)
      • Madium.exe (PID: 7664)
      • identity_helper.exe (PID: 8316)
      • MicrosoftEdgeWebView2RuntimeInstallerX86.exe (PID: 14332)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 14144)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9108)
      • MicrosoftEdgeUpdate.exe (PID: 9576)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 10892)
      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • MicrosoftEdgeUpdate.exe (PID: 9272)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7960)
      • MicrosoftEdgeWebview_X86_146.0.3856.97.exe (PID: 10504)
      • setup.exe (PID: 9220)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • Madium-Launcher.exe (PID: 7960)
      • Madium.exe (PID: 14776)
      • MicrosoftEdgeWebview2Setup.exe (PID: 13540)
      • MicrosoftEdgeUpdate.exe (PID: 12828)
      • MicrosoftEdgeUpdate.exe (PID: 12816)
      • MicrosoftEdgeUpdate.exe (PID: 14036)
      • MicrosoftEdgeUpdate.exe (PID: 13128)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • MicrosoftEdge_X64_146.0.3856.97.exe (PID: 12776)
      • setup.exe (PID: 14476)
      • Madium-Launcher.exe (PID: 15212)
      • MicrosoftEdgeUpdate.exe (PID: 15048)
      • Madium.exe (PID: 13660)
      • msedgewebview2.exe (PID: 12736)
      • msedgewebview2.exe (PID: 12448)
      • msedgewebview2.exe (PID: 14668)
      • msedgewebview2.exe (PID: 12284)
      • msedgewebview2.exe (PID: 6384)
      • msedgewebview2.exe (PID: 14752)
    • Creates files or folders in the user directory

      • Madium-Launcher.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • MicrosoftEdgeWebview_X86_146.0.3856.97.exe (PID: 10504)
      • setup.exe (PID: 9220)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • MicrosoftEdge_X64_146.0.3856.97.exe (PID: 12776)
      • setup.exe (PID: 14476)
      • msedgewebview2.exe (PID: 12736)
      • msedgewebview2.exe (PID: 14668)
      • msedgewebview2.exe (PID: 12284)
    • Reads the computer name

      • Madium-Launcher.exe (PID: 3340)
      • Madium.exe (PID: 7664)
      • identity_helper.exe (PID: 8316)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 9108)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 14144)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 7960)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 10892)
      • MicrosoftEdgeUpdate.exe (PID: 9576)
      • MicrosoftEdgeUpdate.exe (PID: 9272)
      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • MicrosoftEdgeWebview_X86_146.0.3856.97.exe (PID: 10504)
      • setup.exe (PID: 9220)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • Madium-Launcher.exe (PID: 7960)
      • Madium.exe (PID: 14776)
      • MicrosoftEdgeUpdate.exe (PID: 12828)
      • MicrosoftEdgeUpdate.exe (PID: 12816)
      • MicrosoftEdgeUpdate.exe (PID: 13128)
      • MicrosoftEdgeUpdate.exe (PID: 14036)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • MicrosoftEdge_X64_146.0.3856.97.exe (PID: 12776)
      • setup.exe (PID: 14476)
      • MicrosoftEdgeUpdate.exe (PID: 15048)
      • Madium-Launcher.exe (PID: 15212)
      • Madium.exe (PID: 13660)
      • msedgewebview2.exe (PID: 12736)
      • msedgewebview2.exe (PID: 12448)
      • msedgewebview2.exe (PID: 12284)
    • Create files in a temporary directory

      • Madium-Launcher.exe (PID: 3340)
      • MicrosoftEdgeWebView2RuntimeInstallerX86.exe (PID: 14332)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeWebview2Setup.exe (PID: 13540)
      • msedgewebview2.exe (PID: 12736)
    • Reads security settings of Internet Explorer

      • Madium-Launcher.exe (PID: 3340)
      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeUpdate.exe (PID: 9284)
      • Madium-Launcher.exe (PID: 7960)
      • Madium.exe (PID: 14776)
      • MicrosoftEdgeUpdate.exe (PID: 12828)
      • MicrosoftEdgeUpdate.exe (PID: 12036)
      • Madium-Launcher.exe (PID: 15212)
      • msedgewebview2.exe (PID: 12736)
    • Application launched itself

      • msedge.exe (PID: 3324)
      • msedge.exe (PID: 9976)
    • There is functionality for taking screenshot (YARA)

      • Madium.exe (PID: 7664)
    • Application based on Rust

      • Madium.exe (PID: 7664)
    • Reads Environment values

      • identity_helper.exe (PID: 8316)
      • MicrosoftEdgeUpdate.exe (PID: 9576)
      • MicrosoftEdgeUpdate.exe (PID: 6148)
      • MicrosoftEdgeUpdate.exe (PID: 14036)
      • MicrosoftEdgeUpdate.exe (PID: 15048)
      • msedgewebview2.exe (PID: 12736)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 3324)
      • msedge.exe (PID: 2660)
    • The sample compiled with english language support

      • MicrosoftEdgeUpdate.exe (PID: 14832)
      • MicrosoftEdgeWebView2RuntimeInstallerX86.exe (PID: 14332)
      • MicrosoftEdgeWebview_X86_146.0.3856.97.exe (PID: 10504)
      • setup.exe (PID: 9220)
      • msedge.exe (PID: 2660)
      • MicrosoftEdgeWebview2Setup.exe (PID: 13540)
      • msedge.exe (PID: 3324)
      • MicrosoftEdge_X64_146.0.3856.97.exe (PID: 12776)
      • setup.exe (PID: 14476)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 14832)
    • Creates a software uninstall entry

      • setup.exe (PID: 9220)
      • setup.exe (PID: 14476)
    • Launching a file from the Downloads directory

      • msedge.exe (PID: 3324)
    • Reads CPU info

      • msedgewebview2.exe (PID: 12736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: AMD AMD64
TimeStamp: 2026:04:02 18:44:17+00:00
ImageFileCharacteristics: Executable, Large address aware
PEType: PE32+
LinkerVersion: 14.5
CodeSize: 217600
InitializedDataSize: 109056
UninitializedDataSize: -
EntryPoint: 0xeb14a8
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows command line
No data.
All screenshots are available in the full report
Total processes
377
Monitored processes
227
Malicious processes
2
Suspicious processes
5

Behavior graph

Interactive process graph (available in the full report). Processes shown in the graph: madium-launcher.exe, conhost.exe, cmd.exe, taskkill.exe, madium.exe, msedge.exe, identity_helper.exe, microsoftedgewebview2runtimeinstallerx86.exe, microsoftedgeupdate.exe, microsoftedgeupdatecomregistershell64.exe, microsoftedgewebview_x86_146.0.3856.97.exe, setup.exe, microsoftedgewebview2setup.exe, microsoftedge_x64_146.0.3856.97.exe and msedgewebview2.exe.

Process information

PID:
728
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7436,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1456
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8744,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=8920 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
1724
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=17544,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=9068 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2128
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=159 --always-read-main-dll --field-trial-handle=13236,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=19584 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2364
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=7972,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=7944 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2436
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=8060,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:1
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
2660
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2296,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3324
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID:
3340
CMD:
"C:\Users\admin\AppData\Local\Temp\Madium-Launcher.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Madium-Launcher.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\madium-launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
PID:
3352
CMD:
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=7200,i,972424888115411418,5432426101192439292,262144 --variations-seed-version --mojo-platform-channel-handle=7376 /prefetch:8
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.92\identity_helper.exe
Parent process:
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
PWA Identity Proxy Host
Exit code:
3221226029
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\identity_helper.exe
c:\windows\system32\ntdll.dll
Total events
21 793
Read events
18 711
Write events
2 973
Delete events
109

Modification events

(PID) Process: (3340) Madium-Launcher.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (3340) Madium-Launcher.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (3340) Madium-Launcher.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: CopilotUpdatePath
Value: C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\CopilotUpdate.exe

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value: "C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.225.7

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value: Microsoft Edge Update

(PID) Process: (14832) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value: 1.3.225.7
Executable files
451
Suspicious files
1 173
Text files
681
Unknown types
3

Dropped files

PID | Process | Filename | Type
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RFe0c9e.TMP | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RFe0cae.TMP | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RFe0cae.TMP | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RFe0cae.TMP | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RFe0cae.TMP | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old | -
3324 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old | -
(No MD5 or SHA256 values are listed for these files in the report.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2 277
TCP/UDP connections
1 142
DNS requests
1 042
Threats
25

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3340 | Madium-Launcher.exe | GET | 302 | 140.82.121.4:443 | https://github.com/olemadbusiness-blip/madium-public/releases/download/madium/Madium.exe | US | - | - | whitelisted
3340 | Madium-Launcher.exe | GET | 200 | 104.18.20.213:80 | http://r12.c.lencr.org/78.crl | US | binary | 204 Kb | whitelisted
3340 | Madium-Launcher.exe | GET | 200 | 185.199.108.133:443 | https://raw.githubusercontent.com/blazevise-pixel/testing/refs/heads/main/skbidid | US | text | 7 b | whitelisted
3340 | Madium-Launcher.exe | GET | 200 | 185.199.108.133:443 | https://raw.githubusercontent.com/olemadbusiness-blip/madium-public/refs/heads/main/version.txt | US | text | 6 b | whitelisted
3340 | Madium-Launcher.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSr83eyJy3njhjVpn5bEpfc6MXawQQUOuEJhtTPGcKWdnRJdtzgNcZjY5oCEBqer%2Bxt6OGbXBkxQbaNkN0%3D | US | binary | 977 b | whitelisted
2660 | msedge.exe | GET | 200 | 13.107.253.44:443 | https://api.edgeoffer.microsoft.com/edgeoffer/pb/experiments?appId=edge-extensions&country=US | US | binary | 82 b | whitelisted
2660 | msedge.exe | GET | 200 | 150.171.27.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:Ewg8spMdnvlel_rCKsEhvzDZe7mrhgukBv9u4vLunqo&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 100 b | whitelisted
2660 | msedge.exe | GET | 200 | 23.216.77.43:443 | https://ntp.msn.com/edge/ntp?locale=en-US&title=New%20tab&dsp=1&sp=Bing&startpage=1&PC=U531 | NL | html | 1018 Kb | whitelisted
2660 | msedge.exe | GET | 200 | 23.216.77.9:443 | https://assets.msn.com/staticsb/statics/latest/oneTrust/2.4/scripttemplates/otSDKStub.js | NL | text | 27.4 Kb | whitelisted
3340 | Madium-Launcher.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.sectigo.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQzZq5DY2RqjBUGCjtK3%2FEujBgJrwQU0SLaTFnxS18mOKqd1u7rDcP7qWECEDbgWe2IjdV67dVwtnJ%2Fm9o%3D | US | binary | 316 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4872 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:137 | - | Not routed | - | whitelisted
5276 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5276 | MoUsoCoreWorker.exe | 48.192.1.65:443 | activation-v2.sls.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
5532 | SearchApp.exe | 92.123.104.47:443 | www.bing.com | AKAMAI-ASN1 | NL | whitelisted
5532 | SearchApp.exe | 23.11.40.157:80 | ocsp.digicert.com | AKAMAI-AMS | NL | whitelisted
5532 | SearchApp.exe | 204.79.197.203:80 | oneocsp.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4 | System | 192.168.100.255:138 | - | Not routed | - | whitelisted
3340 | Madium-Launcher.exe | 185.199.108.133:443 | raw.githubusercontent.com | FASTLY | US | whitelisted
3340 | Madium-Launcher.exe | 104.18.20.213:80 | r12.c.lencr.org | CLOUDFLARENET | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 4.231.128.59
  • 51.104.136.2
whitelisted
activation-v2.sls.microsoft.com
  • 48.192.1.65
whitelisted
www.bing.com
  • 92.123.104.47
  • 92.123.104.58
  • 92.123.104.41
  • 92.123.104.5
  • 92.123.104.52
  • 92.123.104.61
  • 92.123.104.66
  • 92.123.104.65
  • 92.123.104.50
  • 92.123.104.32
  • 92.123.104.33
  • 92.123.104.34
  • 184.86.251.27
  • 184.86.251.22
  • 184.86.251.30
  • 184.86.251.24
  • 184.86.251.20
  • 184.86.251.15
  • 184.86.251.23
  • 184.86.251.19
  • 184.86.251.4
  • 92.123.104.19
  • 92.123.104.26
  • 92.123.104.30
  • 92.123.104.29
  • 92.123.104.21
  • 92.123.104.24
  • 92.123.104.20
  • 92.123.104.31
whitelisted
ocsp.digicert.com
  • 23.11.40.157
whitelisted
oneocsp.microsoft.com
  • 204.79.197.203
whitelisted
google.com
  • 142.251.14.113
  • 142.251.14.138
  • 142.251.14.100
  • 142.251.14.102
  • 142.251.14.101
  • 142.251.14.139
whitelisted
raw.githubusercontent.com
  • 185.199.108.133
  • 185.199.109.133
  • 185.199.111.133
  • 185.199.110.133
whitelisted
r12.c.lencr.org
  • 104.18.20.213
  • 104.18.21.213
whitelisted
github.com
  • 140.82.121.4
whitelisted
ocsp.usertrust.com
  • 172.64.149.23
  • 104.18.38.233
whitelisted

Threats

PID | Process | Class | Message
2232 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access raw user content on GitHub
2232 | svchost.exe | Not Suspicious Traffic | INFO [ANY.RUN] Attempting to access release user assets on GitHub
2660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
2660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Google Tag Manager analytics (googletagmanager .com)
3340 | Madium-Launcher.exe | Misc activity | ET INFO EXE - Served Attached HTTP
2660 | msedge.exe | Misc activity | INFO [ANY.RUN] .cc TLD domain request
4872 | svchost.exe | Unknown Traffic | ET USER_AGENTS Microsoft Dr Watson User-Agent (MSDW)
2660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
2660 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
Debug output strings

Process | Message
Madium.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Madium.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Madium.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
Madium.exe | WebView2: Failed to find an installed WebView2 runtime or non-stable Microsoft Edge installation.
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\AppData\Local\com.madium.app directory exists )