URL: https://highstone.link/i/win/Launcher-HighStone-0.1.1.exe

Full analysis: https://app.any.run/tasks/0ef130b5-34f1-46e1-ac7d-14de12455f42
Verdict: Malicious activity
Threats:

Stealers are a family of malicious software designed to gain unauthorized access to users' information and transfer it to the attacker. The stealer category covers various programs that each focus on a particular kind of data, such as files, passwords, or cryptocurrency wallets. Stealers can also spy on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: December 28, 2024, 07:10:50
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: stealer, arch-exec, arch-doc, nodejs
Indicators:
MD5: 114826E7AA062A425D06F1640293133A
SHA1: C55EF71B4B5F337A145889B48BD97C68D2DE6F52
SHA256: B2A5856A72020166F76C4B0777E5F1754A44092EE3554DB743487E72800FEF71
SSDEEP: 3:N8wONLAuLOK2ayRKHJn:2wYAuLl2j6n

ANY.RUN is an interactive service that provides full access to the guest system. Information in this report may be distorted by user actions and is provided as is, for the user's own assessment. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Changes powershell execution policy (Unrestricted)

      • HighStone.exe (PID: 3988)
    • Actions look like stealing of personal data

      • HighStone.exe (PID: 3988)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • The process creates files with name similar to system file names

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Get information on the list of running processes

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • cmd.exe (PID: 836)
    • Starts CMD.EXE for commands execution

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 3988)
      • NETSTAT.EXE (PID: 2076)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
    • Reads security settings of Internet Explorer

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Checks Windows Trust Settings

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Drops 7-zip archiver for unpacking

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Process drops legitimate windows executable

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Application launched itself

      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
    • Creates a software uninstall entry

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Starts application with an unusual extension

      • cmd.exe (PID: 5728)
      • cmd.exe (PID: 8384)
      • cmd.exe (PID: 8284)
      • cmd.exe (PID: 7444)
    • Executing commands from ".cmd" file

      • HighStone.exe (PID: 3988)
    • Checks for Java to be installed

      • java.exe (PID: 7744)
    • The process hides Powershell's copyright startup banner

      • HighStone.exe (PID: 3988)
    • Uses ROUTE.EXE to obtain the routing table information

      • cmd.exe (PID: 7404)
    • Starts POWERSHELL.EXE for commands execution

      • HighStone.exe (PID: 3988)
    • Using 'findstr.exe' to search for text patterns in files and output

      • cmd.exe (PID: 9716)
    • Uses NETSH.EXE to obtain data on the network

      • cmd.exe (PID: 7880)
    • Process uses IPCONFIG to discover network configuration

      • cmd.exe (PID: 9304)
  • INFO

    • Application launched itself

      • msedge.exe (PID: 6276)
    • Executable content was dropped or overwritten

      • msedge.exe (PID: 6616)
      • msedge.exe (PID: 6276)
      • msedge.exe (PID: 2792)
    • The sample compiled with Russian language support

      • msedge.exe (PID: 6616)
      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • msedge.exe (PID: 6276)
    • Reads the computer name

      • identity_helper.exe (PID: 7824)
      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 7816)
      • HighStone.exe (PID: 4624)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
      • HighStone.exe (PID: 10156)
    • The process uses the downloaded file

      • msedge.exe (PID: 7688)
      • msedge.exe (PID: 6276)
      • powershell.exe (PID: 7864)
      • powershell.exe (PID: 5556)
      • powershell.exe (PID: 1796)
      • powershell.exe (PID: 8012)
      • powershell.exe (PID: 7124)
      • powershell.exe (PID: 4640)
      • powershell.exe (PID: 7128)
      • powershell.exe (PID: 8028)
      • powershell.exe (PID: 7248)
      • powershell.exe (PID: 5752)
      • powershell.exe (PID: 188)
      • powershell.exe (PID: 9444)
      • powershell.exe (PID: 6520)
      • powershell.exe (PID: 7404)
      • powershell.exe (PID: 6412)
      • powershell.exe (PID: 4228)
      • powershell.exe (PID: 3260)
      • powershell.exe (PID: 4444)
      • powershell.exe (PID: 540)
      • powershell.exe (PID: 6524)
      • powershell.exe (PID: 9428)
      • powershell.exe (PID: 7244)
      • powershell.exe (PID: 3876)
      • powershell.exe (PID: 9468)
      • powershell.exe (PID: 5592)
      • powershell.exe (PID: 9556)
      • msedge.exe (PID: 8912)
      • powershell.exe (PID: 5156)
      • powershell.exe (PID: 8072)
    • Checks supported languages

      • identity_helper.exe (PID: 7824)
      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • chcp.com (PID: 7864)
      • HighStone.exe (PID: 848)
      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 7816)
      • HighStone.exe (PID: 4624)
      • HighStone.exe (PID: 3692)
      • java.exe (PID: 7744)
      • chcp.com (PID: 7216)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7460)
      • HighStone.exe (PID: 7000)
      • chcp.com (PID: 2260)
      • HighStone.exe (PID: 8420)
      • HighStone.exe (PID: 6512)
      • HighStone.exe (PID: 8164)
      • chcp.com (PID: 9768)
      • HighStone.exe (PID: 10156)
      • HighStone.exe (PID: 3724)
    • Reads Environment values

      • identity_helper.exe (PID: 7824)
      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 3692)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
    • The sample compiled with English language support

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • msedge.exe (PID: 2792)
      • msedge.exe (PID: 6276)
      • msedge.exe (PID: 6616)
    • Create files in a temporary directory

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 3988)
      • java.exe (PID: 7744)
    • Checks proxy server information

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 3988)
    • Reads the machine GUID from the registry

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 10156)
    • Creates files or folders in the user directory

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
      • HighStone.exe (PID: 848)
      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 4624)
      • HighStone.exe (PID: 10156)
    • Reads the software policy settings

      • Launcher-HighStone-0.1.1.exe (PID: 1580)
    • Reads product name

      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 3692)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
    • Manual execution by a user

      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 8976)
      • HighStone.exe (PID: 7000)
      • HighStone.exe (PID: 8164)
      • Taskmgr.exe (PID: 9908)
      • Taskmgr.exe (PID: 4684)
    • Changes the display of characters in the console

      • cmd.exe (PID: 5728)
      • cmd.exe (PID: 8384)
      • cmd.exe (PID: 8284)
      • cmd.exe (PID: 7444)
    • Process checks computer location settings

      • HighStone.exe (PID: 3988)
      • HighStone.exe (PID: 3692)
    • Prints a route via ROUTE.EXE

      • ROUTE.EXE (PID: 7536)
    • Creates files in the program directory

      • java.exe (PID: 7744)
    • Reads CPU info

      • HighStone.exe (PID: 3988)
    • Node.js compiler has been detected

      • HighStone.exe (PID: 3988)
    • Script raised an exception (POWERSHELL)

      • powershell.exe (PID: 4228)
      • powershell.exe (PID: 8072)
    • Checks if a key exists in the options dictionary (POWERSHELL)

      • powershell.exe (PID: 6412)
    • Reads security settings of Internet Explorer

      • Taskmgr.exe (PID: 4684)
    • Reads Microsoft Office registry keys

      • msedge.exe (PID: 6276)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 412
Monitored processes: 271
Malicious processes: 4
Suspicious processes: 4

Behavior graph


Process information

PID: 68
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID: 188
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: reg.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID: 188
CMD: powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: HighStone.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\windowspowershell\v1.0\powershell.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll

PID: 440
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6780 --field-trial-handle=2676,i,1625381376008746117,14727635420323675690,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
  c:\program files (x86)\microsoft\edge\application\msedge.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID: 540
CMD: powershell.exe -NoLogo -InputFormat Text -NoExit -ExecutionPolicy Unrestricted -Command -
Path: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Parent process: HighStone.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows PowerShell
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\windowspowershell\v1.0\powershell.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll

PID: 720
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "perl -v"
Path: C:\Windows\System32\cmd.exe
Parent process: HighStone.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\cmd.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\rpcrt4.dll

PID: 836
CMD: cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq HighStone.exe" | %SYSTEMROOT%\System32\find.exe "HighStone.exe"
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: Launcher-HighStone-0.1.1.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
  c:\windows\syswow64\cmd.exe
  c:\windows\system32\ntdll.dll
  c:\windows\syswow64\ntdll.dll
  c:\windows\system32\wow64.dll
  c:\windows\system32\wow64win.dll
  c:\windows\system32\wow64cpu.dll
  c:\windows\syswow64\kernel32.dll
  c:\windows\syswow64\kernelbase.dll
  c:\windows\syswow64\apphelp.dll
  c:\windows\syswow64\aclayers.dll

PID: 836
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: powershell.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID: 848
CMD: C:\Users\admin\AppData\Local\Programs\HighStone\HighStone.exe --type=crashpad-handler --user-data-dir=C:\Users\admin\AppData\Roaming\highstone /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\admin\AppData\Roaming\highstone\Crashpad --url=https://highstone.link/api/errors --annotation=_companyName=com.highstone.net --annotation=_productName=highstone --annotation=_version=0.1.1 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=21.2.1 --initial-client-data=0x4a0,0x498,0x4dc,0x494,0x4d4,0x7ff61af9b9a0,0x7ff61af9b9b0,0x7ff61af9b9c0
Path: C:\Users\admin\AppData\Local\Programs\HighStone\HighStone.exe
Parent process: HighStone.exe
User: admin
Company: HighStone
Integrity Level: MEDIUM
Description: HighStone
Version: 1
Modules (images):
  c:\users\admin\appdata\local\programs\highstone\highstone.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll

PID: 1200
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
  c:\windows\system32\conhost.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcp_win.dll
  c:\windows\system32\ucrtbase.dll
  c:\windows\system32\shcore.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\combase.dll
  c:\windows\system32\rpcrt4.dll
Total events: 164 280
Read events: 164 072
Write events: 189
Delete events: 19

Modification events

(PID) Process: (6276) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 63A84B90E5882F00

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: failed_count
Value: 0

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 2

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation: write
Name: state
Value: 1

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation: write
Name: user_experience_metrics.stability.exited_cleanly
Value: 0

(PID) Process: (6276) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 4FE64190E5882F00

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowProperties\328438
Operation: write
Name: WindowTabManagerFileMappingId
Value: {D43B6AF1-8C29-44F6-B595-8B4DB0F16325}

(PID) Process: (6276) msedge.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation: write
Name: S-1-5-21-1693682860-607145093-2874071422-1001
Value: 4AC87390E5882F00

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Operation: write
Name: MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A
Value: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

(PID) Process: (6276) msedge.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\EdgeUpdate\Clients\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\Commands\on-logon-autolaunch
Operation: write
Name: Enabled
Value: 0
Executable files: 65
Suspicious files: 1 374
Text files: 284
Unknown types: 9

Dropped files

PID | Process | Filename
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old~RF135259.TMP
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\PersistentOriginTrials\LOG.old
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old~RF135278.TMP
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old~RF135278.TMP
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\LOG.old
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\discounts_db\LOG.old
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old~RF135269.TMP
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\commerce_subscription_db\LOG.old
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old~RF135269.TMP
6276 | msedge.exe | C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\parcel_tracking_db\LOG.old
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report.
HTTP(S) requests: 51
TCP/UDP connections: 175
DNS requests: 186
Threats: 0

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
- | - | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5064 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
- | - | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
1580 | Launcher-HighStone-0.1.1.exe | GET | 200 | 142.250.186.67:80 | http://c.pki.goog/r/r4.crl | unknown | whitelisted
1580 | Launcher-HighStone-0.1.1.exe | GET | 200 | 142.250.186.67:80 | http://c.pki.goog/r/gsr1.crl | unknown | whitelisted
8000 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
8000 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
2800 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
10088 | svchost.exe | HEAD | 200 | 217.20.57.18:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/9cf951df-e7db-4d00-b0fc-02131f5ca303?P1=1735952355&P2=404&P3=2&P4=Fu76wFTPcPOPnipaEvs7d4zQUndAs8cyi44xpfWdsDxVABXwWs5mzzzH5QGAe4dBu2%2faAFC1SErCA%2f218ERQIQ%3d%3d | unknown | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
364 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 184.86.251.22:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
5064 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6276 | msedge.exe | 239.255.255.250:1900 | - | - | - | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 51.104.136.2, 4.231.128.59 | whitelisted
google.com | 142.250.181.238 | whitelisted
crl.microsoft.com | 23.53.40.178, 23.53.40.176 | whitelisted
www.bing.com | 184.86.251.22, 184.86.251.19, 184.86.251.27, 92.123.104.34, 92.123.104.28, 92.123.104.38, 92.123.104.33, 92.123.104.32, 2.23.209.187, 2.23.209.140, 2.23.209.133, 2.23.209.148, 2.23.209.182, 2.23.209.185, 2.23.209.176, 2.23.209.179, 2.23.209.189, 2.23.209.149, 2.23.209.165 | whitelisted
ocsp.digicert.com | 192.229.221.95 | whitelisted
www.microsoft.com | 184.30.21.171, 95.101.149.131 | whitelisted
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 204.79.197.239, 13.107.21.239 | whitelisted
highstone.link | 188.114.96.3, 188.114.97.3 | unknown
business.bing.com | 13.107.6.158 | whitelisted

Threats

No threats detected
No debug info