.. /msedgewebview2.exe
msedgewebview2.exe is the executable file for Microsoft Edge WebView2, which is a web browser control used by applications to display web content.
Paths:
- C:\Program Files (x86)\Microsoft\Edge\Application\114.0.1823.43\msedgewebview2.exe
Resources:
Detection:
- IOC: msedgewebview2.exe spawned with any of the following: --gpu-launcher, --utility-cmd-prefix, --renderer-cmd-prefix, --browser-subprocess-path
Execute
This command launches the Microsoft Edge WebView2 browser control without sandboxing and will spawn calc.exe as its subprocess.
msedgewebview2.exe --no-sandbox --browser-subprocess-path="C:\Windows\System32\calc.exe"
Usecase: Proxy execution of binary
Privileges required: Low privileges
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1202
This command launches the Microsoft Edge WebView2 browser control without sandboxing and will spawn calc.exe as its subprocess.
msedgewebview2.exe --utility-cmd-prefix="calc.exe"
Usecase: Proxy execution of binary
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1202
This command launches the Microsoft Edge WebView2 browser control without sandboxing and will spawn calc.exe as its subprocess.
msedgewebview2.exe --disable-gpu-sandbox --gpu-launcher="calc.exe"
Usecase: Proxy execution of binary
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1202
This command launches the Microsoft Edge WebView2 browser control without sandboxing and will spawn calc.exe as its subprocess.
msedgewebview2.exe --no-sandbox --renderer-cmd-prefix="calc.exe"
Usecase: Proxy execution of binary
Privileges required: User
OS: Windows 10, Windows 11
MITRE ATT&CK®: T1202
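
The Detection IOC above, applied to process-creation events, as an added example that is not part of the original entry or of any vendor tooling. The function names, the event tuple shape and the simplified argument splitting are assumptions; the sample events are constructed, reusing the path and the four command lines listed on this page.

```python
import ntpath
import re

# Flags named in this page's Detection IOC.
IOC_FLAGS = ("--gpu-launcher", "--utility-cmd-prefix",
             "--renderer-cmd-prefix", "--browser-subprocess-path")

# Simplified Windows argument splitting (assumption: backslash-escaped quotes
# are ignored): a token is a run of unquoted chars and/or "quoted" segments.
_TOKEN_RE = re.compile(r'(?:[^\s"]|"[^"]*")+')


def match_ioc(image, command_line):
    """Return [(flag, value), ...] for IOC flags on a msedgewebview2.exe event."""
    if ntpath.basename(image).lower() != "msedgewebview2.exe":
        return []
    hits = []
    for token in _TOKEN_RE.findall(command_line):
        # Dropping quotes makes --flag="x y" and "--flag=x y" compare equal.
        flag, _, value = token.replace('"', "").partition("=")
        if flag.lower() in IOC_FLAGS:
            hits.append((flag.lower(), value))
    return hits


def scan(events):
    """events: iterable of (image, command_line); returns only matching events."""
    return [(img, cmd, hits) for img, cmd in events if (hits := match_ioc(img, cmd))]


# Constructed process-creation events. The image path and the first four
# command lines are the ones listed on this page; the rest are made up.
IMAGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\114.0.1823.43\msedgewebview2.exe"
SAMPLE_EVENTS = [
    (IMAGE, r'msedgewebview2.exe --no-sandbox --browser-subprocess-path="C:\Windows\System32\calc.exe"'),
    (IMAGE, r'msedgewebview2.exe --utility-cmd-prefix="calc.exe"'),
    (IMAGE, r'msedgewebview2.exe --disable-gpu-sandbox --gpu-launcher="calc.exe"'),
    (IMAGE, r'msedgewebview2.exe --no-sandbox --renderer-cmd-prefix="calc.exe"'),
    (IMAGE, r'msedgewebview2.exe "--GPU-Launcher=C:\Temp\some tool.exe"'),  # whole arg quoted
    (IMAGE, r'msedgewebview2.exe --type=renderer --lang=en-US'),          # ordinary child
    (r"C:\Windows\System32\notepad.exe", r'notepad.exe --gpu-launcher="calc.exe"'),
]

if __name__ == "__main__":
    for image, cmd, hits in scan(SAMPLE_EVENTS):
        print("ALERT", hits, "<-", cmd)
```

The extracted value is the binary the flag would launch, which is the field to pivot on when correlating with the child process that follows.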