Report - registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip

Report Overview

Submitted URL
registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip
IP
87.236.16.222
ASN
#198610 Beget LLC
Submitted
2024-05-10 16:23:42
Access
public
Website Title
about:privatebrowsing
Final URL
about:privatebrowsing
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
6

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
registry-finder.com	unknown	2014-06-09	2014-11-05	2023-12-18	507 B	4.5 MB	87.236.16.222

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip
IP
87.236.16.222
ASN
#198610 Beget LLC

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.5 MB (4476381 bytes)
Hash
448d3735f7d836afd209caf5061b7536
15e9c10b9d8e5b7d06b963a0eb4bfe8c734848e4
0c43bb2deeab65ae24e3855a55861b2ebb02658425f3c5f3c66c9c9d47c89b30

Archive (42)

Filename

Md5

File type

CommandLine.txt

3dfd421b837757f622978186aa5e4a34

ASCII text, with CRLF line terminators

ContextMenu-Add.bat

cdbfe75cf2abe91e574a986ff562ae31

DOS batch file, ASCII text, with CRLF line terminators

ContextMenu-Remove.bat

bf4eb57a26e7d736ec79f01d1e07338b

DOS batch file, ASCII text, with CRLF line terminators

CrashRpt1403.dll

c88358d185b3095daf4b23fef3224eaa

PE32+ executable (DLL) (GUI) x86-64, for MS Windows, 6 sections

crashrpt_lang.ini

0b46f5e01a1edcf2ad3c85134cbb8659

Unicode text, UTF-16, little-endian text, with CRLF line terminators

CrashSender1403.exe

527d880d60c21dd8f969338b3cd6d21d

PE32+ executable (GUI) x86-64, for MS Windows, 6 sections

MakeLang.exe

b4c01c116e8b19b34674715d736372f6

PE32 executable (console) Intel 80386, for MS Windows, 5 sections

NReg.exe

a7336f308265016d92a00b1378f92b05

PE32+ executable (console) x86-64, for MS Windows, 6 sections

offreg.dll

bae552ff3336be42a87ae84a84077cf1

PE32+ executable (DLL) (console) Aarch64, for MS Windows, 7 sections

offreg.dll

7728f324432b843b42df552a362ef482

PE32 executable (DLL) (console) ARMv7 Thumb, for MS Windows, 7 sections

offreg.dll

4830b0f82cad1b3315cdaecdd8cd0f98

PE32+ executable (DLL) (console) x86-64, for MS Windows, 7 sections

offreg.dll

edd1039526c4a55f13f7834a587d4989

PE32 executable (DLL) (console) Intel 80386, for MS Windows, 6 sections

RegFileAssoc-Add.bat

e40403342a71dcca2f6373eaa7cdf33d

DOS batch file, ASCII text, with CRLF line terminators

RegFileAssoc-Remove.bat

402d0cc2089a8d5c1c49788695e1d35c

DOS batch file, ASCII text, with CRLF line terminators

RegistryFinder.com

d4d2a578f059f2816e2e6ab7bf0b2ce3

PE32+ executable (console) x86-64, for MS Windows, 6 sections

RegistryFinder.exe

eb13712aed1185f55910f381b19e064b

PE32+ executable (GUI) x86-64, for MS Windows, 7 sections

RegistryFinder.VisualElementsManifest.xml

991f8a494137e9652dbd2ec77ea821b2

XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

RegistryFinderTile.png

bf8d68a1f4a69fa87607e86b4eb5b3ba

PNG image data, 150 x 150, 8-bit/color RGBA, non-interlaced

!readme.txt

5b2805a8d498ab4e1fb1c0a71ac70637

ASCII text, with CRLF line terminators

AddressBarGo.ico

00652dc6978ba8cf0cc0260dcaa94bfb

MS Windows icon resource - 3 icons, 96x96, 32 bits/pixel, 48x48, 32 bits/pixel

Backward.ico

af36efa6a90255be766f402093b4228f

MS Windows icon resource - 7 icons, 96x96, 32 bits/pixel, 72x72, 32 bits/pixel

Copy.ico

58185e877023f301a89a1001f9fe529e

MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

Delete.ico

2f299d5169479364f598f893a78d0c2a

MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel

Export.svg

0fbc77da5162ec11e606cb16f3ef617b

SVG Scalable Vector Graphics image

Favorites-Outline.svg

8f61dc3b8aff72a7d7dcb9ed7f41ea7e

SVG Scalable Vector Graphics image

Favorites.svg

45a8ea9450458a46f86fbd34980afa53

SVG Scalable Vector Graphics image

FavoritesLink.svg

5947d8005409f7998293853e341b04aa

SVG Scalable Vector Graphics image

Filter.svg

90ad9ad7f64011d68d5cf62119b2d5a1

SVG Scalable Vector Graphics image

Forward.ico

edef6b04fce2ba8ede5d75d22fef32de

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

LevelUp.svg

fd8e5a21bc86dc99c7565e9a21fa54b5

SVG Scalable Vector Graphics image

LocalRegistry.ico

1b7cfd3b64f609eafff77aa50b831213

MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 64x64, 32 bits/pixel

NextResult.ico

677cadf5f03571b5a8a8ecbbbb94b9cf

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

OfflineRegistry.svg

4a26d25357ae569067157155e27c9bab

SVG Scalable Vector Graphics image

Paste.ico

02b9054bf2ae28a2554ccc56be13a6b7

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

PrevResult.ico

4df1923bc97b0fba498f4cc2e8fa7159

MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel

Redo.svg

ce9c3d7e85d23693eff48222989332eb

SVG Scalable Vector Graphics image

Refresh.svg

08feb1848d182d3174a51be3c1f90c25

SVG Scalable Vector Graphics image

RegistryFinder.ico

bbea9b55138bbdc1d589d3a3e4559773

MS Windows icon resource - 9 icons, 256x256, 32 bits/pixel, -128x-128, 32 bits/pixel

RemoteRegistry.ico

3bdf846388737af372e210f38adac8fc

MS Windows icon resource - 8 icons, 256x256 with PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced, 32 bits/pixel, 64x64, 32 bits/pixel

Replace.svg

779aafa318c9ff9008ceb386a91292c3

SVG Scalable Vector Graphics image

Shield.svg

2fbd5942fd18cfe009be215fb74e34a7

SVG Scalable Vector Graphics image

Undo.svg

71dcc761479ab455bbc816d7ace93112

SVG Scalable Vector Graphics image

Detections

Analyzer	Verdict	Alert
Malpedia's yara-signator rules	malware	Detects win.lockergoga.
YARAhub by abuse.ch	malware	files - file ~tmp01925d3f.exe
YARAhub by abuse.ch	malware	meth_stackstrings

JavaScript (0)

HTTP Transactions (1)

URL IP Response Size

	URL	IP	Response	Size
	registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip	87.236.16.222	200 OK	4.5 MB
URL User Request GET HTTP/2 registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip IP 87.236.16.222:443 ASN #198610 Beget LLC Certificate IssuerLet's Encrypt Subjectregistry-finder.com Fingerprint59:17:B2:CF:F7:90:53:A1:21:94:F4:01:38:AD:7A:02:E3:16:88:1E ValidityFri, 15 Mar 2024 04:34:18 GMT - Thu, 13 Jun 2024 04:34:17 GMT File type Zip archive data, at least v2.0 to extract, compression method=deflate Size 4.5 MB (4476381 bytes) Hash 448d3735f7d836afd209caf5061b7536 15e9c10b9d8e5b7d06b963a0eb4bfe8c734848e4 0c43bb2deeab65ae24e3855a55861b2ebb02658425f3c5f3c66c9c9d47c89b30 HTTP Headers `GET /bin/2.59.0.0/RegistryFinder64.zip HTTP/1.1 Host: registry-finder.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache` `HTTP/2 200 OK server: nginx-reuseport/1.21.1 date: Fri, 10 May 2024 16:23:14 GMT content-type: application/zip content-length: 4476381 last-modified: Mon, 29 Apr 2024 10:37:46 GMT etag: "662f787a-444ddd" expires: Sun, 09 Jun 2024 16:23:14 GMT cache-control: max-age=2592000 accept-ranges: bytes X-Firefox-Spdy: h2`

registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip

87.236.16.222

200 OK

4.5 MB

URL User Request GET HTTP/2
registry-finder.com/bin/2.59.0.0/RegistryFinder64.zip
IP
87.236.16.222:443
ASN
#198610 Beget LLC

Certificate
IssuerLet's Encrypt
Subjectregistry-finder.com
Fingerprint59:17:B2:CF:F7:90:53:A1:21:94:F4:01:38:AD:7A:02:E3:16:88:1E
ValidityFri, 15 Mar 2024 04:34:18 GMT - Thu, 13 Jun 2024 04:34:17 GMT

File type
Zip archive data, at least v2.0 to extract, compression method=deflate
Size
4.5 MB (4476381 bytes)
Hash
448d3735f7d836afd209caf5061b7536
15e9c10b9d8e5b7d06b963a0eb4bfe8c734848e4
0c43bb2deeab65ae24e3855a55861b2ebb02658425f3c5f3c66c9c9d47c89b30

HTTP Headers

GET /bin/2.59.0.0/RegistryFinder64.zip HTTP/1.1
Host: registry-finder.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx-reuseport/1.21.1
date: Fri, 10 May 2024 16:23:14 GMT
content-type: application/zip
content-length: 4476381
last-modified: Mon, 29 Apr 2024 10:37:46 GMT
etag: "662f787a-444ddd"
expires: Sun, 09 Jun 2024 16:23:14 GMT
cache-control: max-age=2592000
accept-ranges: bytes
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

Files detected

URL

IP

ASN

File type

Size

Hash

Archive (42)

Detections

JavaScript (0)

HTTP Transactions (1)

URL User Request GET HTTP/2

IP

ASN

Certificate

File type

Size

Hash

HTTP Headers