Process
ubiquitous, signed
msedgewebview2.exe
File identity
File details
- File type: PE32+ executable
- Magic: PE32+ executable (GUI)
- Original name: msedgewebview2.exe
- Internal name: msedgewebview2_exe
- Product: Microsoft Edge WebView2
Signing information
- Status: Signed
- Publisher: Microsoft Corporation
- Signer: Microsoft Corporation
- Issuer: Microsoft Code Signing PCA 2024
- Signature rate: 100%
File version (1)
- 148.0.3967.96 (100%)
File size (1)
- 4518.90 KB (100%)
Execution context
File paths (1)
- C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.96\msedgewebview2.exe (100%)
User context (1)
- Interactive user (100%)
Integrity level (1)
- Medium (100%)
Instances (1)
- 12 (100%)
Session (1)
- Session 1 (100%)
Token privileges (1)
- SeChangeNotifyPrivilege (66.7%)
Ancestry
Parents (1)
Children (1)
Grandparents (0)
Not observed.
Grandchildren (0)
Not observed.
Behavior
Loaded modules (67)
- mfplat.dll (100%)
- rtworkq.dll (100%)
- hevcdecoder_store.dll (100%)
- combase.dll (50%)
- msedgewebview2.exe (50%)
Named pipes (3)
- \wkssvc (50%)
- \crashpad_8804_DVJGPSTGNCLPAKWM (50%)
- \LOCAL\mojo.8804.6096.4244808480320212612 (50%)
Process handles (3)
Command-line patterns (1)
- "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.96\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.26100.8328 --noerrdialogs --user-data-dir="C:\Users\<user>\AppData\Local\Packages\MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy\LocalState\EBWebView" --webview-exe-name=Widgets.exe --webview-exe-version=526.11701.10.0 --embedded-browser-webview=1 --gpu-preferences=<redacted> --ssd-no-pressure-read-main-dll --metrics-shmem-handle=4116,i,12050335254388914320,3925934751080020712,262144 --field-trial-handle=2060,i,18352015805492508143,5611258576816742792,262144 --variations-seed-version --pseudonymization-salt-handle=2076,i,17184062663426662119,4157124322766245217,4 --trace-process-track-uuid=3190708991934122588 --mojo-platform-channel-handle=4940 /prefetch:10 /pfhostedapp:<redacted> (100%)
LOLBAS (4)
- msedgewebview2.exe --no-sandbox --browser-subprocess-path="{PATH_ABSOLUTE:.exe}" (Execute · Proxy execution of binary)
- msedgewebview2.exe --utility-cmd-prefix="{CMD}" (Execute · Proxy execution of binary)
- msedgewebview2.exe --disable-gpu-sandbox --gpu-launcher="{CMD}" (Execute · Proxy execution of binary)
- msedgewebview2.exe --no-sandbox --renderer-cmd-prefix="{CMD}" (Execute · Proxy execution of binary)
Indicators
SHA-256 (1)
- aac9b39ae654dd0e50f9f8716217949ba8a6b70ec6efffe3fa83a43957d6855b (100%)
SHA-1 (1)
- b4da8e8531eda6ea9f2771756ef1e7aa1d835ae7 (100%)
MD5 (1)
- d4ccfd8b07e2ebd183e54b0e3f0c8571 (100%)
Imphash (1)
- 733b9e748114eb977aba1c874d8bfbc0 (100%)
Analysis
About this process
No analyst write-up yet.
Security notes
No analyst write-up yet.
Anomaly signals
None defined yet.
Telemetry
OS prevalence (1)
- Microsoft Windows 11 Enterprise Evaluation (100%)
Observation timeline
- First seen: 2026-06-08
- Last seen: 2026-06-08
- Machines: 1
- Executions: 1