Windows Analysis Report
pgsql.exe

Overview

General Information

Sample name: pgsql.exe
Analysis ID: 1431416
MD5: dc17be1cd14d4671be693887310c64a1
SHA1: a6b37e239aaed421ffac023406483d2c8a14e932
SHA256: d18019064e5903dcf7c29921c10a7a90176cccd55d9cf3ba1e3e9805c1364df1
Tags: exe
Infos:

Detection

Score: 25
Range: 0 - 100
Whitelisted: false
Confidence: 60%

Signatures

Potentially malicious time measurement code found
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Creates or modifies windows services
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains more sections than normal
PE file contains sections with non-standard names

Classification

Source: pgsql.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\pgsql.exe Code function: 4x nop then mov rsi, r9 0_2_00007FF6B51AC4A0
Source: C:\Users\user\Desktop\pgsql.exe Code function: 4x nop then mov rdi, 0000800000000000h 0_2_00007FF6B51AAFC0
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E8D20 SetWaitableTimer,NtWaitForSingleObject, 0_2_00007FF6B51E8D20
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E8CE0 NtWaitForSingleObject, 0_2_00007FF6B51E8CE0
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51CFC00 appears 37 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51B7F40 appears 580 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51B9900 appears 56 times
Source: C:\Users\user\Desktop\pgsql.exe Code function: String function: 00007FF6B51BA180 appears 569 times
Source: pgsql.exe Static PE information: Number of sections : 12 > 10
Source: pgsql.exe Binary or memory string: zbuEJo.oOQoGQTtLESMDr.SLnvxsO
Source: pgsql.exe Binary or memory string: sMmNygSDUz.SLNKyjfTkFOOqmCPV.RciXzjq.vXKzeZ
Source: pgsql.exe Binary or memory string: cHmkDZSPVMQxMzhwcCxPUnhdaKIWDAEPDY.nQYbMvdAlM.vbpKEt
Source: classification engine Classification label: sus25.evad.winEXE@1/0@0/0
Source: C:\Users\user\Desktop\pgsql.exe File opened: C:\Windows\system32\cbcf1d36f29c91c433ae392debd6264f3491cfd0e324f51b0fd96b23beea3c0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Jump to behavior
Source: pgsql.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_8BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_2048BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\pgsql.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: pgsql.exe String found in binary or memory: &tools/cmd/acc/agent_acc/handler/loader
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func16
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func11
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func10
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func8
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).uninstall.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func4
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.scErase
Source: pgsql.exe String found in binary or memory: base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGe
Source: pgsql.exe String found in binary or memory: alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGO
Source: pgsql.exe String found in binary or memory: alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGO
Source: pgsql.exe String found in binary or memory: scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-
Source: pgsql.exe String found in binary or memory: scav schedsleepslicesockssse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-
Source: pgsql.exe String found in binary or memory: next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLo
Source: pgsql.exe String found in binary or memory: next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLepchaLo
Source: pgsql.exe String found in binary or memory: jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKa
Source: pgsql.exe String found in binary or memory: jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKa
Source: pgsql.exe String found in binary or memory: usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCooki
Source: pgsql.exe String found in binary or memory: usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCooki
Source: pgsql.exe String found in binary or memory: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHa
Source: pgsql.exe String found in binary or memory: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHa
Source: pgsql.exe String found in binary or memory: goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHy
Source: pgsql.exe String found in binary or memory: goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHy
Source: pgsql.exe String found in binary or memory: Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFo
Source: pgsql.exe String found in binary or memory: Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFo
Source: pgsql.exe String found in binary or memory: ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHa
Source: pgsql.exe String found in binary or memory: ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHa
Source: pgsql.exe String found in binary or memory: max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLe
Source: pgsql.exe String found in binary or memory: max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLe
Source: pgsql.exe String found in binary or memory: min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLe
Source: pgsql.exe String found in binary or memory: min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLISTENLengthLe
Source: pgsql.exe String found in binary or memory: sse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAug
Source: pgsql.exe String found in binary or memory: sse41sse42ssse3stdinsudogsweeptext/tls: traceuint8usageutf-8write B -> Value addr= alloc base code= ctxt: curg= free goid jobs= list= m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAug
Source: pgsql.exe String found in binary or memory: m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLI
Source: pgsql.exe String found in binary or memory: m->p= max= min= next= p->m= prev= span=% util(...), i = , not , val --help.local.onion390625<-chanAcceptAnswerArabicAugustBasic BrahmiCANCELCLOSEDCarianChakmaCommonCookieCopticDELETEExpectFormatFridayGOAWAYGetACPGothicHangulHatranHebrewHyphenKaithiKhojkiLI
Source: pgsql.exe String found in binary or memory: &tools/cmd/acc/agent_acc/handler/loader
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).uninstall.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func8
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func10
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func11
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).execute.func16
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func3
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func4
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.(*handleReflectDllInject).inline.func9
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.scErase
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.WaitForSingleObject_LoadDLL.func2
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func1
Source: pgsql.exe String found in binary or memory: tools/cmd/acc/agent_acc/handler/loader.VirtualProtect_LoadDLL.func2
Source: C:\Users\user\Desktop\pgsql.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\pgsql.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\pgsql.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\pgsql.exe Section loaded: umpdc.dll
Source: pgsql.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: pgsql.exe Static PE information: Image base 0x140000000 > 0x60000000
Source: pgsql.exe Static file information: File size 6980608 > 1048576
Source: pgsql.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0x355600
Source: pgsql.exe Static PE information: Raw size of .rdata is bigger than: 0x100000 < 0x2f3800
Source: pgsql.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: pgsql.exe Static PE information: real checksum: 0x6af86d should be: 0x6ab1b0
Source: pgsql.exe Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\pgsql.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr
Source: C:\Users\user\Desktop\pgsql.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
Source: C:\Users\user\Desktop\pgsql.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E6DE0 rdtscp 0_2_00007FF6B51E6DE0
Source: pgsql.exe Binary or memory string: *PLHm.GxVmcIfGt
Source: pgsql.exe Binary or memory string: nfRzEdOpxZLudVweGaeclPihGFsQHwq.BXGrTsJPHVWnMiphnGh.kgoNajGT.svyXL
Source: pgsql.exe Binary or memory string: rLYDmISkQe.FSnOHEKOPrqECGi.KcVeeiwIGhGfSFYycHeBWhzt
Source: pgsql.exe, 00000000.00000002.1641435921.00000264D5FC3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Anti Debugging

Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E6DE0 Start: 00007FF6B51E6DE9 End: 00007FF6B51E6DFF 0_2_00007FF6B51E6DE0
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B51E6DE0 rdtscp 0_2_00007FF6B51E6DE0
Source: C:\Users\user\Desktop\pgsql.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B5882674 SetUnhandledExceptionFilter, 0_2_00007FF6B5882674
Source: C:\Users\user\Desktop\pgsql.exe Code function: 0_2_00007FF6B5181190 Sleep,Sleep,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_initterm,GetStartupInfoA, 0_2_00007FF6B5181190
No contacted IP infos