Analysis
max time kernel: 82s
max time network: 83s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-06-2024 20:10
Behavioral task: behavioral1
Sample: applecleaner.exe
Resource: win7-20240611-en
General
Target: applecleaner.exe
Size: 3.6MB
MD5: f96eb2236970fb3ea97101b923af4228
SHA1: e0eed80f1054acbf5389a7b8860a4503dd3e184a
SHA256: 46fe5192387d3f897a134d29c069ebf39c72094c892134d2f0e77b12b11a6172
SHA512: 2fd2d28c5f571d40b43a4dd7a22d367ba42420c29627f21ca0a2052070ffb9f689d80dad638238189eed26ed19af626f47e70f1207e10007041c620dac323cc7
SSDEEP: 98304:z7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6Ko:e+y4ihkl/Wo/afHPb
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes:
- Key opened: \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ (process: applecleaner.exe)
Modifies Windows Firewall 2 TTPs 1 IoCs
Processes:
- PID 2900: netsh.exe
Checks BIOS information in registry 2 TTPs 3 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes:
- Set value (data): \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion = 65004f00380048005300200020002d002000330000000000 (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion (process: applecleaner.exe)
Processes:
- behavioral2/memory/320-0-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-4-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-3-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-2-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-5-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-6-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
- behavioral2/memory/320-12-0x00007FF6E7650000-0x00007FF6E7FF2000-memory.dmp (yara_rule: themida)
Processes:
- Key value queried: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA (process: applecleaner.exe)
Checks system information in the registry 2 TTPs 1 IoCs
System information is often read in order to detect sandboxing environments.
Processes:
- Key value queried: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer (process: applecleaner.exe)
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
- PID 320: applecleaner.exe
Enumerates system info in registry 2 TTPs 18 IoCs
Processes:
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral (process: applecleaner.exe)
- Key enumerated: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral (process: applecleaner.exe)
- Key queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (process: applecleaner.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0 (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier (process: applecleaner.exe)
- Set value (str): \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "99e41f29-32fd4b84-3" (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemBiosVersion (process: applecleaner.exe)
- Set value (str): \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier = "8578aea4-5fb3fd2b-1" (process: applecleaner.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardVersion (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion (process: applecleaner.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: applecleaner.exe)
Gathers network information 2 TTPs 3 IoCs
Uses commandline utility to view network configuration.
Processes:
- PID 3888: ipconfig.exe
- PID 2252: ipconfig.exe
- PID 4580: ipconfig.exe
Kills process with taskkill 3 IoCs
Processes:
- PID 4588: taskkill.exe
- PID 3340: taskkill.exe
- PID 4448: taskkill.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
- PID 320: applecleaner.exe
- PID 320: applecleaner.exe
Suspicious use of AdjustPrivilegeToken 45 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
PID 320 (depth 1): C:\Users\Admin\AppData\Local\Temp\applecleaner.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\applecleaner.exe"
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks whether UAC is enabled
  - Checks system information in the registry
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory

PID 1056 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /f /im EpicGamesLauncher.exe >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4588 (depth 3): C:\Windows\system32\taskkill.exe
  Command line: taskkill /f /im EpicGamesLauncher.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken

PID 1164 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /f /im FortniteClient-Win64-Shipping.exe >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 3340 (depth 3): C:\Windows\system32\taskkill.exe
  Command line: taskkill /f /im FortniteClient-Win64-Shipping.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken

PID 3948 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c taskkill /f /im Battle.net.exe >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4448 (depth 3): C:\Windows\system32\taskkill.exe
  Command line: taskkill /f /im Battle.net.exe
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken

PID 4004 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c start https://applecheats.cc

PID 1272 (depth 3): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://applecheats.cc/

PID 1672 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c pause

PID 2372 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c cls

PID 2500 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH WINSOCK RESET >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 5024 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH WINSOCK RESET

PID 4508 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH INT IP RESET >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 5004 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH INT IP RESET

PID 2536 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c netsh advfirewall reset >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 2900 (depth 3): C:\Windows\system32\netsh.exe
  Command line: netsh advfirewall reset
  - Modifies Windows Firewall

PID 2792 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH INTERFACE IPV4 RESET >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 3876 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH INTERFACE IPV4 RESET

PID 1800 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH INTERFACE IPV6 RESET >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 1928 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH INTERFACE IPV6 RESET

PID 3788 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH INTERFACE TCP RESET >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4064 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH INTERFACE TCP RESET

PID 4192 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NETSH INT RESET ALL >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4636 (depth 3): C:\Windows\system32\netsh.exe
  Command line: NETSH INT RESET ALL

PID 4732 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c IPCONFIG /RELEASE >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4580 (depth 3): C:\Windows\system32\ipconfig.exe
  Command line: IPCONFIG /RELEASE
  - Gathers network information

PID 4296 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c IPCONFIG /RELEASE >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 3888 (depth 3): C:\Windows\system32\ipconfig.exe
  Command line: IPCONFIG /RELEASE
  - Gathers network information

PID 4828 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c IPCONFIG /FLUSHDNS >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 2252 (depth 3): C:\Windows\system32\ipconfig.exe
  Command line: IPCONFIG /FLUSHDNS
  - Gathers network information

PID 232 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NBTSTAT -R >nul 2>&1
  - Suspicious use of WriteProcessMemory

PID 4656 (depth 3): C:\Windows\system32\nbtstat.exe
  Command line: NBTSTAT -R

PID 2640 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c NBTSTAT -RR >nul 2>&1

PID 4960 (depth 3): C:\Windows\system32\nbtstat.exe
  Command line: NBTSTAT -RR

PID 3796 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c arp -a >nul 2>&1

PID 4460 (depth 3): C:\Windows\system32\ARP.EXE
  Command line: arp -a

PID 4344 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c arp -d >nul 2>&1

PID 5020 (depth 3): C:\Windows\system32\ARP.EXE
  Command line: arp -d

PID 4116 (depth 2): C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c WMIC PATH WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER=TRUE CALL DISABLE >nul 2>&1

PID 4512 (depth 3): C:\Windows\System32\Wbem\WMIC.exe
  Command line: WMIC PATH WIN32_NETWORKADAPTER WHERE PHYSICALADAPTER=TRUE CALL DISABLE
  - Suspicious use of AdjustPrivilegeToken

PID 5004 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=1336,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8

PID 1408 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4880,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=3936 /prefetch:1

PID 4572 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=1340,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4612 /prefetch:1

PID 1852 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=5312,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1

PID 2152 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=5452,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8

PID 4876 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --field-trial-handle=5456,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8