URL: https://developer.microsoft.com/en-us/Microsoft-edge/webview2/

Full analysis: https://app.any.run/tasks/48745e17-b01c-444f-926a-2f76e7024654
Verdict: Malicious activity
Threats:

Stealers are a class of malware built to gain unauthorized access to a user's information and transfer it to the attacker. The category covers programs that each target a particular kind of data, including files, passwords, and cryptocurrency. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed in phishing campaigns.

Analysis date: November 10, 2025, 01:22:17
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
evasion
telegram
phishing
discord
exfiltration
stealer
websocket
Indicators:
MD5: DAB6D40E21D221DF077250082BA4066B
SHA1: 84728678A725C503F0E653FE1E093F1E7A07D390
SHA256: 40073556F32BFBA78B90CE919660D1781042F8E120F68E10BD13232C7934C27A
SSDEEP: 3:N8YIv0XKRtRH/uu0J5K:2YIv0+DH/uu0jK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • The DLL Hijacking

      • msedgewebview2.exe (PID: 5892)
      • msedgewebview2.exe (PID: 356)
    • Bypass execution policy to execute commands

      • powershell.exe (PID: 9040)
      • powershell.exe (PID: 8684)
      • powershell.exe (PID: 7636)
      • powershell.exe (PID: 7928)
      • powershell.exe (PID: 8108)
      • powershell.exe (PID: 9184)
      • powershell.exe (PID: 4960)
      • powershell.exe (PID: 2288)
      • powershell.exe (PID: 9776)
      • powershell.exe (PID: 10136)
      • powershell.exe (PID: 9940)
      • powershell.exe (PID: 9368)
    • Changes powershell execution policy (Bypass)

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Stealers network behavior

      • msedgewebview2.exe (PID: 1552)
    • Attempting to use instant messaging service

      • msedgewebview2.exe (PID: 1552)
    • PHISHING has been detected (SURICATA)

      • svchost.exe (PID: 2276)
      • msedgewebview2.exe (PID: 1552)
    • Adds path to the Windows Defender exclusion list

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Changes Windows Defender settings

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Uses Task Scheduler to run other applications

      • msedgewebview2.exe (PID: 1552)
    • Create files in the Startup directory

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 2880)
      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • WinRAR.exe (PID: 7576)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • setup.exe (PID: 5808)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview2.exe (PID: 3236)
    • Starts a Microsoft application from unusual location

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
    • Executable content was dropped or overwritten

      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 2880)
      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • setup.exe (PID: 5808)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview2.exe (PID: 3236)
    • Starts itself from another location

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
    • Creates/Modifies COM task schedule object

      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2268)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6476)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6416)
    • Reads security settings of Internet Explorer

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • msedgewebview2.exe (PID: 7352)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 8984)
      • BTMob.exe (PID: 6244)
      • msedgewebview2.exe (PID: 1552)
    • Application launched itself

      • setup.exe (PID: 5808)
      • msedgewebview2.exe (PID: 7352)
      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • msedgewebview2.exe (PID: 8984)
    • Searches for installed software

      • setup.exe (PID: 5808)
      • msedgewebview2.exe (PID: 8984)
    • Checks for external IP

      • svchost.exe (PID: 2276)
      • msedgewebview2.exe (PID: 1552)
    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • msedgewebview2.exe (PID: 1552)
    • Lists all scheduled tasks in specific format

      • schtasks.exe (PID: 8872)
      • schtasks.exe (PID: 9156)
      • schtasks.exe (PID: 2724)
      • schtasks.exe (PID: 8544)
      • schtasks.exe (PID: 7252)
      • schtasks.exe (PID: 4376)
      • schtasks.exe (PID: 9596)
    • Deletes scheduled task without confirmation

      • schtasks.exe (PID: 8932)
      • schtasks.exe (PID: 7864)
      • schtasks.exe (PID: 9708)
    • Starts POWERSHELL.EXE for commands execution

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Query Microsoft Defender preferences

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • The process bypasses the loading of PowerShell profile settings

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Hides command output

      • cmd.exe (PID: 9200)
    • Starts CMD.EXE for commands execution

      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
    • Uses TIMEOUT.EXE to delay execution

      • cmd.exe (PID: 9200)
      • cmd.exe (PID: 2288)
    • The process connected to a server suspected of theft

      • msedgewebview2.exe (PID: 1552)
    • Script adds exclusion path to Windows Defender

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 2288)
    • Executing commands from a ".bat" file

      • msedgewebview2.exe (PID: 1552)
    • Reads the date of Windows installation

      • msedgewebview2.exe (PID: 1552)
    • The process executes via Task Scheduler

      • msedgewebview3.exe (PID: 9536)
  • INFO

    • Checks supported languages

      • identity_helper.exe (PID: 8072)
      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 2880)
      • identity_helper.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6476)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2268)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6416)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 1288)
      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • setup.exe (PID: 5808)
      • setup.exe (PID: 2928)
      • BTMob.exe (PID: 8100)
      • MicrosoftEdgeUpdate.exe (PID: 7852)
      • msedgewebview2.exe (PID: 5892)
      • msedgewebview2.exe (PID: 7176)
      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 4420)
      • msedgewebview2.exe (PID: 7200)
      • msedgewebview2.exe (PID: 3696)
      • msedgewebview2.exe (PID: 7264)
      • msedgewebview2.exe (PID: 1552)
      • identity_helper.exe (PID: 8452)
      • BTMob.exe (PID: 6244)
      • msedgewebview2.exe (PID: 8984)
      • msedgewebview2.exe (PID: 8972)
      • msedgewebview2.exe (PID: 2060)
      • msedgewebview2.exe (PID: 356)
      • msedgewebview2.exe (PID: 5580)
      • msedgewebview2.exe (PID: 5372)
      • msedgewebview2.exe (PID: 7208)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
      • msedgewebview2.exe (PID: 7424)
      • msedgewebview2.exe (PID: 9652)
      • msedgewebview2.exe (PID: 9676)
      • msedgewebview2.exe (PID: 9780)
      • msedgewebview2.exe (PID: 9956)
      • msedgewebview2.exe (PID: 10036)
      • msedgewebview2.exe (PID: 8476)
      • msedgewebview2.exe (PID: 8636)
      • msedgewebview2.exe (PID: 968)
      • msedgewebview2.exe (PID: 3236)
    • Application launched itself

      • msedge.exe (PID: 6164)
      • msedge.exe (PID: 7908)
      • msedge.exe (PID: 1928)
      • msedge.exe (PID: 5860)
      • msedge.exe (PID: 3500)
      • msedge.exe (PID: 7524)
      • msedge.exe (PID: 8620)
      • msedge.exe (PID: 3348)
      • msedge.exe (PID: 1436)
      • msedge.exe (PID: 8552)
      • msedge.exe (PID: 8680)
    • Reads the computer name

      • identity_helper.exe (PID: 8072)
      • identity_helper.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • MicrosoftEdgeUpdate.exe (PID: 1504)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6476)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 2268)
      • MicrosoftEdgeUpdateComRegisterShell64.exe (PID: 6416)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 1288)
      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • setup.exe (PID: 5808)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 7352)
      • MicrosoftEdgeUpdate.exe (PID: 7852)
      • msedgewebview2.exe (PID: 5892)
      • msedgewebview2.exe (PID: 7176)
      • msedgewebview2.exe (PID: 1552)
      • identity_helper.exe (PID: 8452)
      • BTMob.exe (PID: 6244)
      • msedgewebview2.exe (PID: 8984)
      • msedgewebview2.exe (PID: 356)
      • msedgewebview2.exe (PID: 2060)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
      • msedgewebview2.exe (PID: 968)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6164)
      • WinRAR.exe (PID: 7576)
    • Reads Environment values

      • identity_helper.exe (PID: 8072)
      • identity_helper.exe (PID: 7688)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 7852)
      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 1552)
      • identity_helper.exe (PID: 8452)
      • msedgewebview2.exe (PID: 8984)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • The sample compiled with english language support

      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 2880)
      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • WinRAR.exe (PID: 7576)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • setup.exe (PID: 5808)
      • msedgewebview2.exe (PID: 3236)
    • Create files in a temporary directory

      • MicrosoftEdgeWebView2RuntimeInstallerX64.exe (PID: 2880)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview2.exe (PID: 8984)
    • Launching a file from a Registry key

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
    • Creates files or folders in the user directory

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • MicrosoftEdgeWebview_X64_142.0.3595.69.exe (PID: 4104)
      • setup.exe (PID: 2928)
      • setup.exe (PID: 5808)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
      • BTMob.exe (PID: 6244)
      • msedgewebview2.exe (PID: 968)
    • Checks proxy server information

      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 7852)
      • msedgewebview2.exe (PID: 7352)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview2.exe (PID: 8984)
      • slui.exe (PID: 7828)
      • BTMob.exe (PID: 6244)
    • Reads the machine GUID from the registry

      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 1552)
      • BTMob.exe (PID: 6244)
      • msedgewebview2.exe (PID: 8984)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
      • msedgewebview2.exe (PID: 968)
    • Reads the software policy settings

      • MicrosoftEdgeUpdate.exe (PID: 7432)
      • MicrosoftEdgeUpdate.exe (PID: 2740)
      • MicrosoftEdgeUpdate.exe (PID: 7852)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • slui.exe (PID: 7828)
    • Manual execution by a user

      • WinRAR.exe (PID: 7576)
      • BTMob.exe (PID: 6640)
      • BTMob.exe (PID: 8100)
      • msedge.exe (PID: 5860)
    • Process checks computer location settings

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • setup.exe (PID: 5808)
      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 7200)
      • msedgewebview2.exe (PID: 3696)
      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 8984)
      • msedgewebview2.exe (PID: 5372)
      • msedgewebview2.exe (PID: 7208)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview2.exe (PID: 9956)
      • msedgewebview2.exe (PID: 10036)
    • Creates a software uninstall entry

      • setup.exe (PID: 5808)
    • Disables trace logs

      • BTMob.exe (PID: 8100)
      • msedgewebview2.exe (PID: 1552)
      • BTMob.exe (PID: 6244)
    • Reads CPU info

      • msedgewebview2.exe (PID: 7352)
      • msedgewebview2.exe (PID: 8984)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 9040)
      • powershell.exe (PID: 8684)
      • powershell.exe (PID: 7636)
      • powershell.exe (PID: 7928)
      • powershell.exe (PID: 9184)
      • powershell.exe (PID: 2288)
      • powershell.exe (PID: 4960)
      • powershell.exe (PID: 8108)
      • powershell.exe (PID: 9776)
      • powershell.exe (PID: 9940)
      • powershell.exe (PID: 9368)
      • powershell.exe (PID: 10136)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 8684)
      • powershell.exe (PID: 7636)
      • powershell.exe (PID: 7928)
      • powershell.exe (PID: 8108)
      • powershell.exe (PID: 2288)
      • powershell.exe (PID: 4960)
      • powershell.exe (PID: 9940)
      • powershell.exe (PID: 9368)
      • powershell.exe (PID: 10136)
    • Launching a file from the Startup directory

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
      • msedgewebview3.exe (PID: 9536)
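The signature list above attributes every behaviour to (image, PID) pairs, which is precise but hard to read across four hundred lines. The Python helper below is an added example, not ANY.RUN's code: it parses an excerpt of that listing (copied from the report above and abbreviated to a handful of signatures) into a per-process table and ranks the processes by a weighted signature count. The weights (MALICIOUS 10, SUSPICIOUS 3, INFO 0) are this example's own choice. On the excerpt it puts msedgewebview2.exe (PID 1552) first and msedgewebview3.exe (PID 4264) second. Note that msedgewebview3.exe is not a file name the WebView2 runtime ships (the runtime binary is msedgewebview2.exe), so that process is worth pulling the path and parent for in the full report.

```python
"""Triage helper for an ANY.RUN-style signature listing (added example, not ANY.RUN code).

The report attributes each signature to one or more (image, PID) pairs.
Flattening that into a per-process score answers the first triage question:
which process is the pivot worth pulling the command line and network data for?
"""
import re
from collections import defaultdict

# Abbreviated excerpt of the signature section of the report above, kept in
# the page's own bullet layout. Only a subset of the signatures is included.
SAMPLE_REPORT = """\
  • MALICIOUS

    • Changes the autorun value in the registry

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
    • Adds path to the Windows Defender exclusion list

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
    • Uses Task Scheduler to run other applications

      • msedgewebview2.exe (PID: 1552)
  • SUSPICIOUS

    • Process communicates with Telegram (possibly using it as an attacker's C2 server)

      • msedgewebview2.exe (PID: 1552)
    • Starts POWERSHELL.EXE for commands execution

      • msedgewebview2.exe (PID: 1552)
      • msedgewebview3.exe (PID: 4264)
  • INFO

    • Reads the computer name

      • MicrosoftEdgeUpdate.exe (PID: 7520)
      • msedgewebview2.exe (PID: 1552)
"""

# Weights are this example's own; tune them to your own triage policy.
SEVERITY_WEIGHT = {"MALICIOUS": 10, "SUSPICIOUS": 3, "INFO": 0}
_PROC_RE = re.compile(r"^(?P<image>\S+) \(PID: (?P<pid>\d+)\)$")


def parse_signatures(text):
    """Return {(image, pid): {severity: [signature, ...]}} from the bullet listing.

    Nesting depth is taken from the indent of the bullet: two spaces for the
    severity bucket, four for the signature name, six for a triggering process.
    """
    hits = defaultdict(lambda: defaultdict(list))
    severity = signature = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        indent = len(raw) - len(raw.lstrip())
        body = raw.strip().lstrip("•").strip()
        if indent == 2:            # severity bucket (MALICIOUS / SUSPICIOUS / INFO)
            severity, signature = body, None
        elif indent == 4:          # signature name
            signature = body
        elif indent == 6:          # process that triggered the signature
            m = _PROC_RE.match(body)
            if not (m and severity and signature):
                raise ValueError(f"unexpected line: {raw!r}")
            hits[(m["image"], int(m["pid"]))][severity].append(signature)
    return hits


def rank_processes(hits):
    """Score each process by weighted signature count; highest score first."""
    scored = []
    for proc, by_sev in hits.items():
        score = sum(SEVERITY_WEIGHT.get(sev, 0) * len(sigs) for sev, sigs in by_sev.items())
        scored.append((score, proc))
    scored.sort(key=lambda t: (-t[0], t[1][1]))
    return [(proc, score) for score, proc in scored]


if __name__ == "__main__":
    for (image, pid), score in rank_processes(parse_signatures(SAMPLE_REPORT)):
        print(f"{score:4d}  {image} (PID {pid})")
```

Feed the script the full signature section of a report to get the same ranking across every process; a process that scores high only through INFO-level signatures drops to the bottom, which is the point of weighting rather than counting.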
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 360
Monitored processes: 200
Malicious processes: 10
Suspicious processes: 4

Behavior graph

(Interactive graph in the full report; flattened here.) Nodes in start order: msedge.exe and identity_helper.exe (the browser session opened for the submitted URL), microsoftedgewebview2runtimeinstallerx64.exe, microsoftedgeupdate.exe and microsoftedgeupdatecomregistershell64.exe, winrar.exe, microsoftedgewebview_x64_142.0.3595.69.exe, setup.exe, slui.exe, btmob.exe, msedgewebview2.exe (one instance tagged #PHISHING alongside a #PHISHING-tagged svchost.exe), further msedge.exe and identity_helper.exe children, then repeated schtasks.exe, conhost.exe, powershell.exe, cmd.exe and timeout.exe, another btmob.exe, msedgewebview3.exe (two instances), reg.exe, more powershell.exe, schtasks.exe and msedgewebview2.exe, and finally updater.exe. Nodes labelled "no specs" in the original view carry no indicators.
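The chain the graph shows (a WebView2 process spawning schtasks.exe, powershell.exe, cmd.exe, timeout.exe and reg.exe) lines up with several signatures above: execution-policy bypass, PowerShell profile skipped, Defender exclusion added, Run-key and scheduled-task persistence, and a TIMEOUT.EXE delay. The report does not print those command lines, so the events below are constructed to match the signature names (the paths, task name and value name are invented for the example), and the rules are this example's own, written over Sysmon Event ID 1-style fields (parent image, image, command line). This is an added example, not ANY.RUN detection logic.

```python
"""Detection rules for a WebView2-hosted persistence/evasion chain (added example).

Evaluates a small rule set over process-creation events shaped like Sysmon
Event ID 1 (parent image, image, command line). The events are constructed
to match the signature names in the report above; the command lines are not
in the report and are this example's assumption.
"""
import re

SAMPLE_EVENTS = [
    # (parent_image, image, command_line) -- constructed, not from the report
    ("msedgewebview2.exe", "powershell.exe",
     'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath \'C:\\Users\\admin\\AppData\\Roaming\\svc\'"'),
    ("msedgewebview2.exe", "powershell.exe",
     'powershell.exe -NoProfile -ExecutionPolicy Bypass -Command "Get-MpPreference"'),
    ("msedgewebview2.exe", "schtasks.exe",
     'schtasks.exe /create /f /sc onlogon /tn "EdgeUpdateTaskMachine" /tr "C:\\Users\\admin\\AppData\\Roaming\\svc\\msedgewebview3.exe"'),
    ("msedgewebview2.exe", "schtasks.exe", "schtasks.exe /query /fo LIST /v"),
    ("cmd.exe", "reg.exe",
     'reg.exe add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v svc /t REG_SZ /d "C:\\Users\\admin\\AppData\\Roaming\\svc\\msedgewebview3.exe" /f'),
    ("cmd.exe", "timeout.exe", "timeout.exe /t 5"),
    ("msedge.exe", "msedge.exe", "msedge.exe --type=renderer"),                      # benign browser child
    ("explorer.exe", "powershell.exe", "powershell.exe -NoProfile -Command Get-Date"),  # benign admin use
]

RULES = [
    # (name, severity, parent predicate or None, command-line regex)
    ("defender_exclusion_added", "MALICIOUS", None,
     re.compile(r"Add-MpPreference\s+-ExclusionPath", re.I)),
    ("defender_settings_changed", "MALICIOUS", None,
     re.compile(r"Set-MpPreference|Add-MpPreference", re.I)),
    ("run_key_autorun", "MALICIOUS", None,
     re.compile(r"reg(\.exe)?\s+add\s+HK(LM|CU)\\.*\\CurrentVersion\\Run\b", re.I)),
    ("scheduled_task_persistence", "MALICIOUS", None,
     re.compile(r"schtasks(\.exe)?\s+/create\b", re.I)),
    ("execution_policy_bypass", "SUSPICIOUS", None,
     re.compile(r"-ExecutionPolicy\s+Bypass", re.I)),
    # PowerShell launched by the WebView2 runtime itself is the odd parent/child pair here.
    ("powershell_from_webview", "SUSPICIOUS",
     lambda parent: parent.lower().startswith("msedgewebview"),
     re.compile(r"^powershell(\.exe)?\b", re.I)),
    ("timeout_delay", "INFO", None,
     re.compile(r"^timeout(\.exe)?\s+/t\s+\d+", re.I)),
]


def evaluate(events, rules=RULES):
    """Return one finding per (rule, event) match, highest severity first."""
    order = {"MALICIOUS": 0, "SUSPICIOUS": 1, "INFO": 2}
    findings = []
    for idx, (parent, image, cmd) in enumerate(events):
        for name, sev, parent_ok, pattern in rules:
            if parent_ok is not None and not parent_ok(parent):
                continue
            if pattern.search(cmd):
                findings.append({"rule": name, "severity": sev, "event": idx,
                                 "parent": parent, "image": image})
    findings.sort(key=lambda f: (order[f["severity"]], f["event"]))
    return findings


def suspicious_parents(findings):
    """Parents that triggered any MALICIOUS rule: the pivot processes for triage."""
    return sorted({f["parent"] for f in findings if f["severity"] == "MALICIOUS"})


if __name__ == "__main__":
    for f in evaluate(SAMPLE_EVENTS):
        print(f"{f['severity']:10} {f['rule']:28} {f['parent']} -> {f['image']}")
    print("pivot parents:", suspicious_parents(evaluate(SAMPLE_EVENTS)))
```

The `schtasks /query` and the `explorer.exe`-launched PowerShell deliberately produce no findings: listing tasks and running PowerShell from the shell are normal, and the rules key on the persistence action or on the unusual parent rather than on the tool name alone.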

Process information (fields: PID, CMD, Path, Indicators, Parent process)

PID: 132
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --disable-quic --string-annotations --always-read-main-dll --field-trial-handle=2816,i,1923835505499595794,14057124664026149919,262144 --variations-seed-version --mojo-platform-channel-handle=1436 /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 133.0.3065.92
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 356
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2\EBWebView" --webview-exe-name=BTMob.exe --webview-exe-version=3.6.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --no-pre-read-main-dll --force-high-res-timeticks=disabled --subproc-heap-profiling --gpu-preferences=SAAAAAAAAADgAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --startup-read-main-dll --metrics-shmem-handle=1668,i,13506413308359080983,2525404125019080335,262144 --field-trial-handle=1824,i,13549289784323574196,3016516630838417570,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,LocalNetworkAccessForFencedFrameNavigationsWarningOnly,LocalNetworkAccessForNavigationsWarningOnly,LocalNetworkAccessForSubframeNavigationsWarningOnly,LocalNetworkAccessForWorkersWarningOnly,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,DeferSpeculativeRFHCreation,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,PreloadingEagerHeuristics,SafetyHub,SegmentationPlatform,ServiceWorkerAutoPreload,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgePasswordStrengthCheck,msEdgePinpointFramework,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUpdatesMoreMenuPill,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPageInteractionRestrictionRevoke,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --trace-process-track-uuid=3190708988185955192 --mojo-platform-channel-handle=1816 /prefetch:2
Path: C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exe
Parent process: msedgewebview2.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge WebView2
Version: 142.0.3595.69
Modules (Images):
c:\users\admin\appdata\local\microsoft\edgewebview\application\142.0.3595.69\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\142.0.3595.69\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
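Most MALICIOUS signatures in this report fire on msedgewebview2.exe, and the command line of PID 356 shows why that attribution needs a second step: --embedded-browser-webview=1 together with --webview-exe-name=BTMob.exe and a --user-data-dir of C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2\EBWebView. The WebView2 runtime is the Microsoft-signed rendering engine; the behaviour belongs to the host application that embedded it. The helper below is an added example (not from the report and not Microsoft code) that pulls those fields out of a Chromium-style command line. It relies on one documented WebView2 default, that when the host sets no user data folder the runtime creates <host exe path>.WebView2 next to the executable, which is exactly the layout the report shows, so the profile path also locates the host binary. The list of "unusual" profile locations and the second, benign command line (a hypothetical ExampleVendor\ExampleApp.exe) are constructed for the example.

```python
"""Attribute embedded-WebView2 activity to its host application (added example).

msedgewebview2.exe is the Microsoft WebView2 runtime. With
--embedded-browser-webview=1 it renders content for whichever host executable
passed --webview-exe-name and --user-data-dir, so signatures that fire on the
runtime process describe the host's behaviour. This helper extracts those
fields from a Chromium-style command line for a triage note. The "unusual
location" heuristic is this example's own and not part of the report.
"""
import re

# Command line of PID 356 in the report above, with the long --enable-features /
# --disable-features lists dropped (constructed abbreviation of the real line).
SAMPLE_CMD = (
    r'"C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exe"'
    r' --type=gpu-process --noerrdialogs'
    r' --user-data-dir="C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2\EBWebView"'
    r' --webview-exe-name=BTMob.exe --webview-exe-version=3.6.0.0'
    r' --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0'
    r' --mojo-platform-channel-handle=1816 /prefetch:2'
)

# Hypothetical benign comparison: a WebView2 host that keeps its profile in
# %LocalAppData% under its own vendor folder (constructed, not from the report).
BENIGN_CMD = (
    r'"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exe"'
    r' --type=renderer --user-data-dir="C:\Users\admin\AppData\Local\ExampleVendor\ExampleApp\EBWebView"'
    r' --webview-exe-name=ExampleApp.exe --webview-exe-version=1.2.0.0 --embedded-browser-webview=1'
)

# --flag=value where value is either "quoted" or a run of non-space characters.
_FLAG_RE = re.compile(r'--([A-Za-z0-9\-]+)=(?:"([^"]*)"|(\S*))')

# A profile under one of these folders means the host ran from a drop/download
# location rather than an installed path (this example's heuristic).
_UNUSUAL_PROFILE_PARENTS = ("\\desktop\\", "\\downloads\\", "\\appdata\\local\\temp\\", "\\users\\public\\")


def parse_flags(cmdline):
    """Return {flag: value} for every --flag=value token (a later duplicate wins)."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in _FLAG_RE.finditer(cmdline)}


def describe_webview2(cmdline):
    """Name the host app behind a WebView2 runtime process and flag odd profile paths."""
    flags = parse_flags(cmdline)
    embedded = flags.get("embedded-browser-webview") == "1"
    profile = flags.get("user-data-dir", "")
    host = flags.get("webview-exe-name") if embedded else None
    unusual = any(p in profile.lower() for p in _UNUSUAL_PROFILE_PARENTS)

    # WebView2's default user data folder is "<host exe path>.WebView2" beside
    # the host executable, so a profile ending in <host>.WebView2\... pins down
    # where the host binary lives even though that path is not on the command line.
    likely_host_path = None
    if host and profile:
        marker = profile.lower().find(host.lower() + ".webview2")
        if marker != -1:
            likely_host_path = profile[:marker] + host

    return {
        "process_type": flags.get("type"),
        "embedded": embedded,
        "host_exe": host,
        "host_version": flags.get("webview-exe-version") if embedded else None,
        "profile_dir": profile or None,
        "profile_in_unusual_location": unusual,
        "likely_host_path": likely_host_path,
        "attribute_behaviour_to": host if embedded else "msedgewebview2.exe",
    }


if __name__ == "__main__":
    for label, cmd in (("report PID 356", SAMPLE_CMD), ("constructed benign", BENIGN_CMD)):
        print(label, describe_webview2(cmd))
```

On the report's own command line the host resolves to C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe, which is also the process the "Manual execution by a user" signature names; the runtime's own per-user install path under AppData\Local\Microsoft\EdgeWebView is a normal location for a per-user WebView2 runtime and is deliberately not treated as a finding.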
PID: 412
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 752
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=3 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5516,i,8736815145872219673,8308757851621453335,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:1
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Version: 133.0.3065.92
Modules (Images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 968
CMD: "C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.3636 --noerrdialogs --user-data-dir="C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2\EBWebView" --webview-exe-name=BTMob.exe --webview-exe-version=3.6.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --force-high-res-timeticks=disabled --subproc-heap-profiling --gpu-preferences=SAAAAAAAAADoAAAEAAAAAAAAAAAAAGAAAQAAAAAAAAAAAAAAAAAAAEIAAAAAAAAAAAAAAAAAAAAQAAAAAAAAABAAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --skip-read-main-dll --metrics-shmem-handle=5592,i,2178934343150897736,12602181667357790759,262144 --field-trial-handle=1824,i,13549289784323574196,3016516630838417570,262144 --enable-features=ForceSWDCompWhenDCompFallbackRequired,LocalNetworkAccessForFencedFrameNavigationsWarningOnly,LocalNetworkAccessForNavigationsWarningOnly,LocalNetworkAccessForSubframeNavigationsWarningOnly,LocalNetworkAccessForWorkersWarningOnly,msAggressiveCacheTrimming,msCustomDataPartition,msWebView2NoTabForScreenShare,msWindowsTaskManager --disable-features=BackForwardCache,BackgroundTabLoadingFromPerformanceManager,CloseOmniboxPopupOnInactiveAreaClick,CollectAVProductsInfo,CollectCodeIntegrityInfo,DeferSpeculativeRFHCreation,EnableHangWatcher,FilterAdsOnAbusiveSites,GetWifiProtocol,LoginDetection,MediaFoundationCameraUsageMonitoring,PreconnectToSearch,PreloadingEagerHeuristics,SafetyHub,SegmentationPlatform,ServiceWorkerAutoPreload,SpareRendererForSitePerProcess,Ukm,WebPayments,msAITrackerClassification,msAbydosForWindowlessWV2,msAffirmVirtualCard,msAllowChromeWebstore,msAllowMSAPrtSSOForNonMSAProfile,msApplicationGuard,msAskBeforeClosingMultipleTabs,msAutoToggleAADPrtSSOForNonAADProfile,msAutofillEdgeServiceRequest,msAutofillEnableEdgeSuggestions,msAutomaticTabFreeze,msBrowserSettingsSupported,msCoarseGeolocationService,msDataProtection,msDesktopMode,msDesktopRewards,msDisableVariationsSeedFetchThrottling,msEEProactiveHistory,msETFOffstoreExtensionFileDataCollection,msETFPasswordTheftDNRActionSignals,msEdgeAdPlatformUI,msEdgeAddWebCapturetoCollections,msEdgeAutofillShowDeployedPassword,msEdgeCaptureSelectionInPDF,msEdgeCloudConfigService,msEdgeCloudConfigServiceV2,msEdgeCohorts,msEdgeCollectionsPrismExperiment1,msEdgeCollectionsPrismOverallMigration,msEdgeComposeNext,msEdgeEnableNurturingFramework,msEdgeEnclavePrefsBasic,msEdgeEnclavePrefsNotification,msEdgeFaviconService,msEdgeHJTelemetry,msEdgeHubAppSkype,msEdgeImageEditorUI,msEdgeLinkDoctor,msEdgeMouseGestureDefaultEnabled,msEdgeMouseGestureSupported,msEdgeNewDeviceFre,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgePDFCMHighlightUX,msEdgePasswordIris,msEdgePasswordIrisSaveBubble,msEdgePasswordStrengthCheck,msEdgePinpointFramework,msEdgeProngPersonalization,msEdgeReadingView,msEdgeRose,msEdgeScreenshotUI,msEdgeSendTabToSelf,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingPersistentStorage,msEdgeShoppingUI,msEdgeSmartFind,msEdgeSuperDragDefaultEnabled,msEdgeSuperDragDropSupported,msEdgeTranslate,msEdgeUpdatesMoreMenuPill,msEdgeWebCapture,msEdgeWebCaptureUniformExperience,msEdgeWebContentFilteringFeedback,msEdgeWorkSearchBanner,msEnableCustomJobMemoryLimitsOnXbox,msEnableMIPForPDF,msEnablePdfUpsell,msEnableThirdPartyScanning,msEnableWebSignInCta,msEnableWebToBrowserSignIn,msEndpointDlp,msEntityExtraction,msExtensionTelemetryFramework,msExternalTaskManager,msFileSystemAccessDirectoryIterationBlocklistCheck,msForceBrowserSignIn,msForeignSessionsPage,msGeolocationAccessService,msGeolocationOSLocationPermissionFallback,msGeolocationSQMService,msGeolocationService,msGrowthInfraLaunchSourceLogging,msGuidedSwitchAllowed,msHubPinPersist,msImplicitSignin,msIrm,msIrmv2,msKlarnaVirtualCard,msLlmConsumerDlpPurview,msLoadStatistics,msLogIsEdgePinnedToTaskbarOnLaunch,msMIPCrossTenantPdfViewSupport,msMdatpWebSiteDlp,msNotificationPermissionForPWA,msNumberOfSitesToPin,msNurturingGlobalSitePinningOnCloseModal,msNurturingSitePinningCITopSites,msNurturingSitePinningWithWindowsConsent,msOnHoverSearchInSidebar,msOpenOfficeDocumentsInWebViewer,msPageInteractionRestrictionRevoke,msPasswordBreachDetection,msPdfAnnotationsVisibility,msPdfDataRecovery,msPdfDigitalSignatureRead,msPdfFreeText,msPdfFreeTextForCJK,msPdfHighlightMode,msPdfInking,msPdfKeyphraseSupport,msPdfOOUI,msPdfPopupMarkerRenderer,msPdfShare,msPdfSharedLibrary,msPdfTextNote,msPdfTextNoteMoreMenu,msPdfThumbnailCache,msPdfUnderside,msPdfViewRestore,msPersonalizationUMA,msPriceComparison,msPromptDefaultHandlerForPDF,msReactiveSearch,msReadAloud,msReadAloudPdf,msRedirectToShoreline,msRevokeExtensions,msSaasDlp,msShoppingTrigger,msShorelineSearch,msShorelineSearchFindOnPageWebUI,msShowOfflineGameEntrance,msShowReadAloudIconInAddressBar,msShowUXForAADPrtSSOForNonAADProfile,msSitePinningWithoutUi,msSuspendMessageForNewSessionWhenHavingPendingNavigation,msSyncEdgeCollections,msTabResourceStats,msTokenizationAutofillInlineEnabled,msTouchMode,msTriggeringSignalGenerator,msUserUnderstanding,msVideoSuperResolutionUI,msWalletBuyNow,msWalletCheckout,msWalletDiagnosticDataLogger,
msWalletHubEntry,msWalletHubIntlP3,msWalletPartialCard,msWalletPasswordCategorization,msWalletPasswordCategorizationPlatformExpansion,msWalletTokenizationCardMetadata,msWalletTokenizedAutofill,msWebAssist,msWebAssistHistorySearchService,msWebOOUI,msWindowsUserActivities,msZipPayVirtualCard --variations-seed-version --trace-process-track-uuid=3190708998493415531 --mojo-platform-channel-handle=2444 /prefetch:8C:\Users\admin\AppData\Local\Microsoft\EdgeWebView\Application\142.0.3595.69\msedgewebview2.exemsedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge WebView2
Exit code:
0
Version:
142.0.3595.69
Modules
Images
c:\users\admin\appdata\local\microsoft\edgewebview\application\142.0.3595.69\msedgewebview2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\microsoft\edgewebview\application\142.0.3595.69\msedge_elf.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcryptprimitives.dll
c:\windows\system32\shcore.dll
PID:
988
Command line:
"schtasks.exe" /create /tn "msedgewebview3" /tr "\"C:\Users\admin\AppData\Local\EdgeWebView\msedgewebview3.exe\"" /sc minute /mo 1 /rl HIGHEST /f
Path:
C:\Windows\System32\schtasks.exe
Parent process:
msedgewebview2.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Task Scheduler Configuration Tool
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\schtasks.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1288
Command line:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /handoff "appguid={F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}&appname=Microsoft%20Edge%20WebView2%20Runtime&needsadmin=false" /installsource offline /sessionid "{D14C9DB5-AC98-447F-BD2F-B0D43F18DFBB}" /offlinedir "{AA380D08-46B5-46FE-A5CE-5A815E203549}"
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.207.5
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1436
Command line:
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/BTMOBBOT
Path:
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process:
BTMob.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
133.0.3065.92
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\133.0.3065.92\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID:
1504
Command line:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
Path:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Parent process:
MicrosoftEdgeUpdate.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge Update
Exit code:
0
Version:
1.3.207.5
Modules
Images
c:\users\admin\appdata\local\microsoft\edgeupdate\microsoftedgeupdate.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\ole32.dll
c:\windows\syswow64\ucrtbase.dll
PID:
1504
Command line:
reg add HKLM\SYSTEM\CurrentControlSet\Control\Session Manager /v PendingFileRenameOperations /t REG_MULTI_SZ /d "\??\C:\Users\admin\AppData\Local\Temp\msedgewebview2.exe\0" /f
Path:
C:\Windows\System32\reg.exe
Parent process:
cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
1
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
Total events
91 069
Read events
89 744
Write events
1 237
Delete events
88

Modification events

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: delete value
Name: eulaaccepted
Value:

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_c
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001Core{F5029E72-921D-4E53-B666-A6234B3C3B4E}

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: path
Value:
C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: UninstallCmdLine
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /uninstall

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.207.5

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: name
Value:
Microsoft Edge Update

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\ClientState\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}
Operation: write
Name: pv
Value:
1.3.207.5

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: Microsoft Edge Update
Value:
"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.207.5\MicrosoftEdgeUpdateCore.exe"

(PID) Process: (7520) MicrosoftEdgeUpdate.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate
Operation: write
Name: edgeupdate_task_name_ua
Value:
MicrosoftEdgeUpdateTaskUserS-1-5-21-1693682860-607145093-2874071422-1001UA{270A93E1-5726-43E3-A87F-1052F8A68220}

(PID) Process: (6476) MicrosoftEdgeUpdateComRegisterShell64.exe
Key: HKEY_CLASSES_ROOT\CLSID\{9AA1040C-9CC8-4622-A8B4-47AB2F7DC46A}\InprocHandler32
Operation: write
Name: ThreadingModel
Value:
Both
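Three of the writes recorded above carry the persistence and clean-up story of this sample: the scheduled task created by PID 988 (named "msedgewebview3", fired every minute with highest privileges, pointing at an Edge-lookalike binary under AppData\Local\EdgeWebView rather than the real Microsoft\EdgeWebView\Application tree), the PendingFileRenameOperations write by PID 1504 (a REG_MULTI_SZ pair whose empty second element asks the kernel to delete ...\Temp\msedgewebview2.exe at the next boot), and the Run key value written by PID 7520 (the per-user updater that ships with the WebView2 runtime install, sitting under the legitimate Microsoft\EdgeUpdate path). The detection routine below is an added example, not ANY.RUN's code: its input events are constructed from the rows on this page, and the event field names, regexes, MITRE tags and severity thresholds are the author's own assumptions. It also accounts for the exit code of 1 recorded for reg.exe: the key path "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" is not quoted, so reg.exe receives "Manager" as a stray argument and rejects the command, which is consistent with the delayed deletion never having been registered.

```python
"""Detection logic for the persistence and clean-up artefacts in this report.

Added example, not ANY.RUN code. EVENTS is constructed from the process rows
and registry writes shown above (PIDs 988, 1504, 7520); the event field names,
severity thresholds and regexes are the author's own assumptions.
"""
import ntpath
import re
from dataclasses import dataclass, field

USER_WRITABLE = re.compile(r'^[a-z]:\\(users|programdata)\\|\\temp\\', re.I)
EDGE_NAME = re.compile(r'^(msedge\w*|microsoftedge\w*)\.exe$', re.I)
EDGE_HOME = re.compile(r'\\microsoft\\edge', re.I)  # Edge, EdgeWebView, EdgeUpdate


@dataclass
class Finding:
    severity: str
    technique: str
    detail: str
    reasons: list = field(default_factory=list)


def win_split(cmdline):
    """CommandLineToArgvW-style split: quotes group, backslash-escaped quotes stay literal."""
    args, cur, quoted, i = [], [], False, 0
    while i < len(cmdline):
        ch = cmdline[i]
        if ch == '\\' and cmdline[i + 1:i + 2] == '"':
            cur.append('"'); i += 2
        elif ch == '"':
            quoted = not quoted; i += 1
        elif ch.isspace() and not quoted:
            if cur:
                args.append(''.join(cur)); cur = []
            i += 1
        else:
            cur.append(ch); i += 1
    if cur:
        args.append(''.join(cur))
    return args


def parse_opts(argv):
    """Map /switch -> following value (True for bare switches), schtasks/reg style."""
    opts, i = {}, 0
    while i < len(argv):
        if argv[i].startswith('/'):
            if i + 1 < len(argv) and not argv[i + 1].startswith('/'):
                opts[argv[i].lower()] = argv[i + 1]; i += 1
            else:
                opts[argv[i].lower()] = True
        i += 1
    return opts


def is_lookalike(path):
    """Edge-named binary living outside Microsoft's own Edge directories."""
    return bool(EDGE_NAME.match(ntpath.basename(path))) and not EDGE_HOME.search(path)


def analyze_schtasks(ev):
    argv = win_split(ev['cmdline'])
    if not argv or ntpath.basename(argv[0]).lower() != 'schtasks.exe':
        return None
    opts = parse_opts(argv[1:])
    if '/create' not in opts:
        return None
    action = win_split(str(opts.get('/tr', '')))  # /tr may itself be a quoted path
    exe = action[0] if action else ''
    reasons = []
    if str(opts.get('/rl', '')).lower() == 'highest':
        reasons.append('runs with highest privileges (/rl HIGHEST)')
    if str(opts.get('/sc', '')).lower() == 'minute':
        reasons.append(f"fires every {opts.get('/mo', 1)} minute(s)")
    if USER_WRITABLE.search(exe):
        reasons.append('action binary in a user-writable path')
    if is_lookalike(exe):
        reasons.append('action binary mimics an Edge component name')
    sev = 'high' if len(reasons) >= 3 else 'medium' if reasons else 'info'
    return Finding(sev, 'T1053.005 scheduled task', f"task {opts.get('/tn')} -> {exe}", reasons)


def analyze_pending_rename(ev):
    argv = win_split(ev['cmdline'])
    low = [a.lower() for a in argv]
    if len(low) < 4 or ntpath.basename(low[0]) not in ('reg', 'reg.exe') or low[1] != 'add':
        return None
    if 'pendingfilerenameoperations' not in low:
        return None
    opts = parse_opts(argv[3:])
    # reg.exe separates REG_MULTI_SZ elements with a literal \0; the data is a list
    # of (source, target) pairs and an empty target means "delete at next boot".
    parts = str(opts.get('/d', '')).split('\\0')
    ops = [(s.removeprefix('\\??\\'), d) for s, d in zip(parts[0::2], parts[1::2])]
    reasons = [f'delete {s} at next boot' if d == '' else f'rename {s} -> {d}' for s, d in ops]
    # An unquoted space in the key path leaves a stray token ("Manager" here)
    # before the first switch, which reg.exe rejects as invalid syntax.
    key_truncated = not argv[3].startswith('/')
    if key_truncated:
        reasons.append('key path contains an unquoted space; reg.exe would reject it')
    if ev.get('exit_code'):
        reasons.append(f"recorded exit code {ev['exit_code']}")
    applied = not key_truncated and not ev.get('exit_code')
    sev = 'high' if any(USER_WRITABLE.search(s) or is_lookalike(s) for s, _ in ops) else 'medium'
    return Finding(sev, 'T1070.004 delayed deletion via PendingFileRenameOperations',
                   f"{'applied' if applied else 'attempted, likely failed'}: {len(ops)} operation(s)",
                   reasons)


def analyze_autorun(ev):
    if not re.search(r'\\currentversion\\run(once)?$', ev['key'], re.I):
        return None
    cmd = win_split(ev['value'])
    exe = cmd[0] if cmd else ''
    reasons = []
    if USER_WRITABLE.search(exe):
        reasons.append('autorun target in a user-writable path')
    if is_lookalike(exe):
        reasons.append('autorun target mimics an Edge component name')
    sev = 'high' if is_lookalike(exe) else 'low' if reasons else 'info'
    return Finding(sev, 'T1547.001 Run key', f"{ev['name']} -> {exe}", reasons)


EVENTS = [  # constructed from the rows above; field names are the author's own
    {'kind': 'process', 'pid': 988, 'parent': 'msedgewebview2.exe', 'exit_code': 0,
     'cmdline': r'"schtasks.exe" /create /tn "msedgewebview3" /tr "\"C:\Users\admin\AppData\Local\EdgeWebView\msedgewebview3.exe\"" /sc minute /mo 1 /rl HIGHEST /f'},
    {'kind': 'process', 'pid': 1504, 'parent': 'cmd.exe', 'exit_code': 1,
     'cmdline': r'reg add HKLM\SYSTEM\CurrentControlSet\Control\Session Manager /v PendingFileRenameOperations /t REG_MULTI_SZ /d "\??\C:\Users\admin\AppData\Local\Temp\msedgewebview2.exe\0" /f'},
    {'kind': 'registry', 'pid': 7520, 'key': r'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
     'name': 'Microsoft Edge Update',
     'value': r'"C:\Users\admin\AppData\Local\Microsoft\EdgeUpdate\1.3.207.5\MicrosoftEdgeUpdateCore.exe"'},
]


def triage(events=EVENTS):
    findings = []
    for ev in events:
        f = analyze_autorun(ev) if ev['kind'] == 'registry' else (
            analyze_schtasks(ev) or analyze_pending_rename(ev))
        if f:
            findings.append(f)
    return findings


if __name__ == '__main__':
    for f in triage():
        print(f'[{f.severity.upper()}] {f.technique}: {f.detail}')
        for r in f.reasons:
            print('   -', r)
```

The lookalike check is the piece worth keeping: the legitimate updater and WebView2 runtime in this report both live under a "\Microsoft\Edge..." directory, while both malicious binaries (the task action and the file queued for deletion) borrow an Edge name but sit directly under AppData\Local or Temp. On a real host the same three checks map onto Sysmon event 1 (process creation) and event 13 (registry value set).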
Executable files
304
Suspicious files
1 194
Text files
569
Unknown types
14

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old~RF161fd1.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\ClientCertificates\LOG.old | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF161ff0.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF161ff0.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old~RF162000.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\LOG.old | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF162000.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF162000.TMP | | |
6164 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old | | |
HTTP(S) requests
87
TCP/UDP connections
223
DNS requests
175
Threats
50

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
4644 | msedge.exe | GET | 200 | 150.171.28.11:80 | http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:BCkEtUo1gyIgNzQ1WzHqs1oInQnU8el-w1LXplixoB0&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 | US | text | 99 b | whitelisted
6156 | svchost.exe | GET | 200 | 23.63.118.230:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | DE | binary | 471 b | whitelisted
5596 | MoUsoCoreWorker.exe | GET | 200 | 95.101.78.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6164 | msedge.exe | GET | 200 | 95.101.78.42:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | NL | binary | 825 b | whitelisted
6164 | msedge.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl | DE | binary | 1.05 Kb | whitelisted
1836 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl | DE | binary | 814 b | whitelisted
1836 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl | DE | binary | 813 b | whitelisted
1836 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl | DE | binary | 401 b | whitelisted
1836 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl | DE | binary | 402 b | whitelisted
7176 | msedgewebview2.exe | GET | 200 | 195.160.221.203:80 | http://195.160.221.203/yaarsa/user/loginbt2.php | UA | html | 31.8 Kb | unknown
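Nine of the ten requests above are CRL or OCSP fetches and Edge's own network-time check; the tenth is the embedded WebView2 control (PID 7176) loading a cleartext login page from a bare IP address with no reputation data, which is the request an analyst should pull out of this table first. The scoring routine below is an added example and not ANY.RUN's code: the rows are constructed from the table above, and the heuristics (IP-literal host, cleartext that is not PKI housekeeping, non-whitelisted reputation, an embedded browser fetching a login path) are the author's own choices rather than any vendor rule set.

```python
"""Triage of the HTTP rows in this report: separate routine PKI and telemetry
traffic from the one request that deserves analyst attention.

Added example, not ANY.RUN code. HTTP_ROWS is constructed from the table above;
the scoring rules and the EMBEDDED_BROWSERS set are the author's own heuristics.
"""
import ipaddress
from urllib.parse import urlsplit

# (pid, process, method, status, peer, url, reputation), copied from the table above
HTTP_ROWS = [
    (4644, 'msedge.exe', 'GET', 200, '150.171.28.11:80',
     'http://edge.microsoft.com/browsernetworktime/time/1/current?cup2key=2:BCkEtUo1gyIgNzQ1WzHqs1oInQnU8el-w1LXplixoB0&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855',
     'whitelisted'),
    (6156, 'svchost.exe', 'GET', 200, '23.63.118.230:80',
     'http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D',
     'whitelisted'),
    (5596, 'MoUsoCoreWorker.exe', 'GET', 200, '95.101.78.42:80',
     'http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl', 'whitelisted'),
    (6164, 'msedge.exe', 'GET', 200, '95.101.78.42:80',
     'http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl', 'whitelisted'),
    (6164, 'msedge.exe', 'GET', 200, '2.23.181.156:80',
     'http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl', 'whitelisted'),
    (1836, 'SIHClient.exe', 'GET', 200, '2.23.181.156:80',
     'http://www.microsoft.com/pkiops/crl/Microsoft%20Time-Stamp%20PCA%202010(1).crl', 'whitelisted'),
    (1836, 'SIHClient.exe', 'GET', 200, '2.23.181.156:80',
     'http://www.microsoft.com/pkiops/crl/Microsoft%20Update%20Signing%20CA%202.3.crl', 'whitelisted'),
    (1836, 'SIHClient.exe', 'GET', 200, '2.23.181.156:80',
     'http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.3.crl', 'whitelisted'),
    (1836, 'SIHClient.exe', 'GET', 200, '2.23.181.156:80',
     'http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Signing%20CA%202.2.crl', 'whitelisted'),
    (7176, 'msedgewebview2.exe', 'GET', 200, '195.160.221.203:80',
     'http://195.160.221.203/yaarsa/user/loginbt2.php', 'unknown'),
]

EMBEDDED_BROWSERS = {'msedgewebview2.exe'}  # assumption: processes that render pages for a host app


def ip_literal(host):
    """Return the parsed address when the URL host is an IP rather than a name, else None."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def is_pki_housekeeping(host, path):
    """CRL and OCSP fetches are cleartext by design; never score them as suspicious."""
    return path.lower().endswith('.crl') or host.startswith('ocsp.')


def score_request(row):
    """List of reasons a single request deserves attention; empty means routine."""
    pid, proc, method, status, peer, url, reputation = row
    u = urlsplit(url)
    host, path = u.hostname or '', u.path
    reasons = []
    addr = ip_literal(host)
    if addr is not None and addr.is_global:
        reasons.append('host is a public IP literal, no DNS name')
    if u.scheme == 'http' and not is_pki_housekeeping(host, path):
        reasons.append('cleartext HTTP that is not CRL/OCSP housekeeping')
    if reputation != 'whitelisted':
        reasons.append(f'reputation {reputation}')
    if proc.lower() in EMBEDDED_BROWSERS and 'login' in path.lower():
        reasons.append('embedded browser control loading a login page')
    return reasons


def triage_http(rows=HTTP_ROWS):
    """Flagged rows paired with their reasons, most reasons first; routine rows dropped."""
    scored = [(row, score_request(row)) for row in rows]
    return sorted([(r, s) for r, s in scored if s], key=lambda t: -len(t[1]))


if __name__ == '__main__':
    for row, reasons in triage_http():
        print(f'{row[0]} {row[1]} {row[5]}')
        for r in reasons:
            print('   -', r)
```

The IP-literal test uses `is_global` so that a host on the analysis LAN (the 192.168.100.x broadcast traffic in the connection table) would not score, and the PKI exemption is deliberately keyed on URL shape rather than on the sandbox's reputation column, so the logic still works on a capture that has no reputation data at all.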

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
5040 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5596 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6156 | svchost.exe | 20.190.159.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4644 | msedge.exe | 150.171.22.17:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4644 | msedge.exe | 150.171.28.11:80 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4644 | msedge.exe | 2.23.181.189:443 | developer.microsoft.com | AKAMAI-AS | DE | whitelisted
4644 | msedge.exe | 150.171.28.11:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
4644 | msedge.exe | 2.16.204.141:443 | copilot.microsoft.com | Akamai International B.V. | DE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
whitelisted
login.live.com
  • 20.190.159.128
  • 40.126.31.3
  • 20.190.159.131
  • 40.126.31.129
  • 20.190.159.129
  • 20.190.159.75
  • 20.190.159.0
  • 40.126.31.1
  • 20.190.159.71
  • 40.126.31.71
  • 40.126.31.131
  • 40.126.31.73
  • 40.126.31.130
  • 20.190.159.68
whitelisted
google.com
  • 142.250.186.46
whitelisted
edge.microsoft.com
  • 150.171.28.11
  • 150.171.27.11
whitelisted
config.edge.skype.com
  • 150.171.22.17
whitelisted
developer.microsoft.com
  • 2.23.181.189
whitelisted
copilot.microsoft.com
  • 2.16.204.141
  • 2.16.204.153
whitelisted
edgecdn-embza6g8cacagcbn.z01.azurefd.net
  • 13.107.246.44
  • 13.107.213.44
whitelisted
www.bing.com
  • 2.16.204.161
  • 2.16.204.141
whitelisted
c.s-microsoft.com
  • 184.30.18.101
whitelisted

Threats

PID | Process | Class | Message
4644 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Azure Front Door domain observed in TLS SNI ( .azurefd .net) (10 identical events)
Process | Message
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2 directory exists )
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341
msedgewebview2.exe | RecursiveDirectoryCreate( C:\Users\admin\Desktop\BTMOB3.6.1\BTMob.exe.WebView2\EBWebView directory exists )
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341
BTMob.exe | WebView2 Warning: Using default User Data Folder is not recommended, please see documentation. https://go.microsoft.com/fwlink/?linkid=2187341