hxxps://product-downloads[.]atlassian[.]com/software/sourcetree/windows/ga/SourceTreeSetup-3[.]4[.]18[.]exe

Resubmissions

25/08/2024, 20:44

240825-zh4xastgjb 8

25/08/2024, 20:39

240825-zfmv1avgnn 8

Analysis

max time kernel
328s
max time network
327s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://product-downloads.atlassian.com/software/sourcetree/windows/ga/SourceTreeSetup-3.4.18.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	SourceTree.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Control Panel\International\Geo\Nation	Update.exe

Executes dropped EXE 22 IoCs

pid	Process
6104	SourceTreeSetup-3.4.18.exe
4736	Update.exe
4956	SourceTree.exe
5980	SourceTree.exe
5924	7z.exe
976	7z.exe
5044	7z.exe
5620	git.exe
5724	git.exe
5504	git.exe
5532	git.exe
4448	git.exe
3528	git.exe
1536	git.exe
1404	git.exe
2760	pageant.exe
944	git.exe
2424	git.exe
5052	git.exe
2588	git.exe
408	git.exe
752	git.exe

Loads dropped DLL 45 IoCs

pid	Process
5924	7z.exe
976	7z.exe
5044	7z.exe
5724	git.exe
5724	git.exe
5724	git.exe
5724	git.exe
5724	git.exe
5724	git.exe
5532	git.exe
5532	git.exe
5532	git.exe
5532	git.exe
5532	git.exe
5532	git.exe
3528	git.exe
3528	git.exe
3528	git.exe
3528	git.exe
3528	git.exe
3528	git.exe
1404	git.exe
1404	git.exe
1404	git.exe
1404	git.exe
1404	git.exe
1404	git.exe
2424	git.exe
2424	git.exe
2424	git.exe
2424	git.exe
2424	git.exe
2424	git.exe
2588	git.exe
2588	git.exe
2588	git.exe
2588	git.exe
2588	git.exe
2588	git.exe
752	git.exe
752	git.exe
752	git.exe
752	git.exe
752	git.exe
752	git.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SourceTreeSetup-3.4.18.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Update.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	git.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\SourceTree.exe = "99999"	SourceTree.exe

Modifies registry class 42 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\DefaultIcon	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	SourceTree.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\shell\open	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\shell\open\command	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\ = "URL:sourcetree Protocol"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\shell	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\SourceTree\\app-3.4.18\\SourceTree.exe\" -url \"%1\""	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\URL Protocol	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	SourceTree.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	SourceTree.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	SourceTree.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	SourceTree.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\sourcetree\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\SourceTree\\app-3.4.18\\SourceTree.exe,-1"	SourceTree.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	SourceTree.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SourceTree.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	SourceTree.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 71133.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2372	msedge.exe
2372	msedge.exe
3920	msedge.exe
3920	msedge.exe
2220	identity_helper.exe
2220	identity_helper.exe
5992	msedge.exe
5992	msedge.exe
4736	Update.exe
4736	Update.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
5980	SourceTree.exe
5980	SourceTree.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

description	pid	Process
Token: SeDebugPrivilege	4956	SourceTree.exe
Token: SeDebugPrivilege	4736	Update.exe
Token: SeDebugPrivilege	5980	SourceTree.exe
Token: SeRestorePrivilege	5924	7z.exe
Token: 35	5924	7z.exe
Token: SeSecurityPrivilege	5924	7z.exe
Token: SeSecurityPrivilege	5924	7z.exe
Token: SeRestorePrivilege	976	7z.exe
Token: 35	976	7z.exe
Token: SeSecurityPrivilege	976	7z.exe
Token: SeSecurityPrivilege	976	7z.exe
Token: SeRestorePrivilege	5044	7z.exe
Token: 35	5044	7z.exe
Token: SeSecurityPrivilege	5044	7z.exe
Token: SeSecurityPrivilege	5044	7z.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
4736	Update.exe
2760	pageant.exe
2760	pageant.exe
5980	SourceTree.exe
5980	SourceTree.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
3920	msedge.exe
2760	pageant.exe
2760	pageant.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5980	SourceTree.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 2124	3920	msedge.exe	84
PID 3920 wrote to memory of 2124	3920	msedge.exe	84
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 1208	3920	msedge.exe	85
PID 3920 wrote to memory of 2372	3920	msedge.exe	86
PID 3920 wrote to memory of 2372	3920	msedge.exe	86
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87
PID 3920 wrote to memory of 3700	3920	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://product-downloads.atlassian.com/software/sourcetree/windows/ga/SourceTreeSetup-3.4.18.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc0da46f8,0x7ffcc0da4708,0x7ffcc0da4718
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2148 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992
- C:\Users\Admin\Downloads\SourceTreeSetup-3.4.18.exe
  "C:\Users\Admin\Downloads\SourceTreeSetup-3.4.18.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6104
- - C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
    "C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4736
  - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe
      "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe" --squirrel-install 3.4.18
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      PID:4956
  - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe
      "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe" --squirrel-firstrun
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Modifies Internet Explorer settings
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:5980
    - - C:\Windows\SYSTEM32\where.exe
        
        "where" git.exe
        5⤵
        
        PID:2192
    - - C:\Windows\SYSTEM32\where.exe
        
        "where" hg.exe
        5⤵
        
        PID:5536
    - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe
        
        "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe" x -oC:\Users\Admin\AppData\Local\Atlassian\SourceTree\hg_local -y C:\Users\Admin\AppData\Local\Atlassian\SourceTree\PortableHg.7z
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        
        PID:5924
    - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe
        
        "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe" x -oC:\Users\Admin\AppData\Local\Atlassian\SourceTree\hg_extras -y C:\Users\Admin\AppData\Local\Atlassian\SourceTree\mcmw.zip
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        
        PID:976
    - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe
        
        "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\7z.exe" x -oC:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local -y C:\Users\Admin\AppData\Local\Atlassian\SourceTree\PortableGit.7z
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of AdjustPrivilegeToken
        
        PID:5044
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global --get user.name
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global --get user.name
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5724
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global --get user.email
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global --get user.email
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5532
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global user.name ERHQJVYQ\Admin
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4448
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global user.name ERHQJVYQ\Admin
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global user.email lalal@com
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global user.email lalal@com
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\putty\pageant.exe
        
        "C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\tools\putty\pageant.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global difftool.sourcetree.cmd "'' "
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:944
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global difftool.sourcetree.cmd "'' "
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global mergetool.sourcetree.cmd "'' "
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5052
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global mergetool.sourcetree.cmd "'' "
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe
        
        "C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\git.exe" --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global mergetool.sourcetree.trustExitCode true
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:408
      - C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe
        
        git.exe --no-pager -c color.branch=false -c color.diff=false -c color.status=false -c diff.mnemonicprefix=false -c core.quotepath=false --no-optional-locks config --global mergetool.sourcetree.trustExitCode true
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15974254905437672740,14451437365575596413,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_CE1BD1F837B82D9833A59AED683C541C

Filesize
727B

MD5
73bdb80daed15a87e279e57a6521b81a

SHA1
d6ac3b0d23aa1ff8f3f2d1c8154fed6f8da8e9de

SHA256
14d8e20c08d1010e5556b92c26652d71a697ef27edc229771bcd3917377b148a

SHA512
285e318b72a23bb8886cbf30963c216a057d9cf75c7c2f6841166161e5aeb53509b3863066d79cf9673427afd062fcf3c8ea2a196d71e4df3354fa6949df5fe2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
3468cf54113d2a5a5c0523352c196c6d

SHA1
f9630b1f9d9b75e06be51d2be05560e776767a2f

SHA256
3e61fc0bec02f7c57ab683f5d2fb1acf951f379e947a8b2a27c389070cfdb063

SHA512
4534a82bb8b3cff2a3dc0846e2426e8f89fdddddac10eedf5e3b28acf1c4403f5aa4c0c557a7c0ae33c49536a0b67178e8e2e004719d7812650d19046757a6db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_CE1BD1F837B82D9833A59AED683C541C

Filesize
408B

MD5
4a06ba6daa852d4dc7441b2966cda2d9

SHA1
f4825ea3f9524a50342f4be7cadae678b8efcdd1

SHA256
92f0209cb1444a703af9c2cc1e72547265e2812fa218c34d7fc094bb71dd54cb

SHA512
540ee4ff1588e6caf6b834928045ab307112b22f56d67cc3dd0cb6b04293a4ec67c074f3ca8d396181d7d33539b84e153930e3ca20f0f3245fa4909f914de175

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
cb515f90b7e755e90e87ad4d8a2239b8

SHA1
aae664a4046d7a512939456cdd0cdce2f4305cb4

SHA256
1e4ae3752519f1166a12e7b03dd4506c75be8a1dd80fa87ad395cb61a2960858

SHA512
263b66edeb9f164dd4c8a4f7e39f88b9765a4ec940426b7602608b7b148c74f45f0f630791e810daec6b1ca168bf00fc81a46cd15ac36388ac212f5e606e8885

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\1swe0a0n.newcfg

Filesize
2KB

MD5
2670989d5b6cb4e5ef291f3b90acec5e

SHA1
72b40431f9228ffdeb349bcff256f2c938c6f68a

SHA256
41fa694dfead750555c300e19e7b7f34b9ec8e0f364116220cf0234049ad978e

SHA512
9fb7fecd223a44b3868db6b2a7d7c26486b47606a8eed496b3ec4286b90be552126d26ff751613cd5c6f079402e25d2c8529cfb90d595435c205f1bfeb33ac8b

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\2quof21e.newcfg

Filesize
1KB

MD5
d49f71cc9f2e1e9240bd62ad49dadc72

SHA1
66313f0ef5da88f6745079efb930dec25cbe2b5a

SHA256
32dda43a7164d62aa3ebc86a63792ed9cf984b9fd4b61388b63fd81ce9075fbe

SHA512
663290a95abda2da81bc4b4ef75db52e234e36da357e95f816050cbc6c76785003f4862e92280ce172940b0e1d7490d0aec7a9829002605f20a84108fc966a20

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\e2g2oqsh.newcfg

Filesize
1KB

MD5
69f0d4d803e065b9df18d4b8c274cf31

SHA1
c3f24c486562fb972de2d399aa9ae0fd3b3fd1bb

SHA256
a50024be22759150a03be2559b3310b9ac7e40a54e9bf3cd9213d0b9e41b5f9b

SHA512
18576969f8ec737132e1813811b759185c12f6cf376a85c694fb9253c76de4efb40d07c00def965134901074ba8d18cc21845777a1171d2dfa4a1bb7b2e75ca7

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\s2waubjb.newcfg

Filesize
673B

MD5
2abd3226caab8920e2320325197f74d1

SHA1
deb30583dc02ce1b84e3416d76cbc7b9fc3aab38

SHA256
9c0fdb5b53b47b65941e4131da297c682ee816ce2458a6bbc4474ef4cb432106

SHA512
fc342df6091bcfcc42a62dff3335f5bffad11d6df7319a22629b3f58560278c7dfa9016730ad2ee7870eafeacb62cfa002d489276982e5acb29fbebad4b2cd3b

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\user.config

Filesize
558B

MD5
1d1ccdef5a2b065cc06883e2a6253ce0

SHA1
a8271cc090d7fed9ef0bb1ffd6bc0b6e703ac58b

SHA256
4d0faf5b719aae2b9dd280729240f716fa6eef63acf327114b9bbdf85eb31132

SHA512
87e7d6df6a76fe60a3ba86b5974132d1e7b88f3934679dd4d307475d3a0d1503295ee30ad9ef4b7cf99dc3399a12a04c1ea68100144de1f567d92b498c58240a

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\user.config

Filesize
1KB

MD5
bb8d4487e7ceb5fe86286bb96d8b3808

SHA1
056b6637fb50bccdb1bb5b133019a25916b6034b

SHA256
2aed81ee845630b13c51408e8be8cbd73d598992cc6cddf3ec44ca37852c6905

SHA512
125038ad842497c19faca444c9be6e6e82cf43dc294e50efe6fbe5ed52a57724a49eea0a0ddde00c344af52d1b06978f9948db4b9f3aacf66477ed9b3b6461f2

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\user.config

Filesize
1KB

MD5
c8cfb8901e3f66d3bbd2969d70665dc6

SHA1
fe0a49874a3b268d4895a7b8cdfdb7704dd7d49e

SHA256
d0c3f7566b16b2f4808e21ddac543b325b2fa722bb9ee4b556ad847fb1f51684

SHA512
ac9e8857c20e9b4b1869a3292d882e8c4037b80870c49323e6d64ef61d35b145bc157ebeb1e755785a8d43a15791ed553afe437d62c743716df473c687605f54

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\user.config

Filesize
2KB

MD5
3277fd216ac5ff9b382641b3b09c3909

SHA1
195cbe798bafad5bfedfe6efb8396c5807902a98

SHA256
19b868f8400e694ed8599ce3af720e9df3a6947a1558d4d6fe978f94749db475

SHA512
efaf3de1155a28c423a579affa885f5487f11e426202e22df52f0f55a1c1adcdda40932e056bcc6c4419998c15fc30f6c7e07d2054f0c2786c4d041fab6472a9

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\cmd\scalar.exe

Filesize
44KB

MD5
b4371877b6cdf89016af6946ec241463

SHA1
55c183182df9391976af2691c21dd3cd39750197

SHA256
8d348fc40cd3603feb700d16b8c8c832831974339637bcbc49e65b81cbcf2426

SHA512
fef999ab45d58e4b0acd1c1307bc210df020cf7b4ba01904190d0527effc44206053352ce7ae2ea3f3728e35aa10f145b366921321acf1dedcc83c11ba552d9d

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\bzgrep

Filesize
2KB

MD5
3edb2e00504ce044aa1bdb71e8a6c32f

SHA1
9804181215d0dbbe5df59981e21437f7ff4eff34

SHA256
a8e368a31766c7862b8d0feeffe274c3bb43b969e3ccb4f9e77d13bfa447a5c9

SHA512
475bbd71a9224e54d5ca69d81c55f95b3f5b5b4fbe169cdc9521ffc040689663bfe21b3075ab41920cf16179ee76b19e76511c827a5b094f57cf644560d3e70c

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\bzip2.exe

Filesize
75KB

MD5
7f9108488d030ae38d5080cdc4822c1b

SHA1
dd6587b521e2d52ec295fe53c3be57fca96257c2

SHA256
beb328ce9d9bb8c7b48bd64665d19f5905fca7185ce2cbbe8bbb62475d3b9d06

SHA512
23821231ca4334143dba1ab67fed0f998e4e6ec5e441d1ca3e28456385e872dd40e1800914d6773add9203ecc24bffe892571351bac6b7a9ebbf8def4ce223a7

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git-upload-pack.exe

Filesize
45KB

MD5
bb80158378cb832ac6e4115335a150a7

SHA1
17902f22c2688dbd765c159862544e5f49923fed

SHA256
e2317a1836b51652e5734a77b2fd435182878336b85ec8ac8bbc2dfd65e60f69

SHA512
59b8e2ffa6ba07d77e95f3227e959525d8da46d844e3cebc38e830d038e27e952c9e0bb3e14f278ec613f324d90363187431197cb6e2e78b833359716ab47439

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\git.exe

Filesize
3.9MB

MD5
da5227a2241e2e8c0a99e83518377fab

SHA1
5ea80990d06a323e6b4f88bb48ca2300021857f1

SHA256
877c931507f099cce600d98319029622ac24a5218275b3e4244f4063278de1bb

SHA512
386c1e0240e8ffae96961f75f45d6bf42e3a7298a36e91444c2737ecbd5f8dd17e07dffb27306bc5557e4aa25b6a554ed4bf2a1cff4d6529a09b2f4d0bd49fe2

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\xzcat.exe

Filesize
95KB

MD5
1e42eb2533932cff12b761b752669592

SHA1
ff010b0f49298fd767d74cf43499ed61c5db6fe4

SHA256
6a4e1cfce53f2410c4016bc329aa6aec700fc735bde038ebbc94314d07d5fae6

SHA512
6a97779f3de6a4ecbed1da1cf7e12bd9a535ce7b1697437a344019e18f022dd70c9ae02164c20c15d764381e3f4dc470943a2898bba549b2a46c99b24f5679d3

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\bin\xzgrep

Filesize
10KB

MD5
11f0fd6d2e16e152a94cbe7ef43f160c

SHA1
8fa99806535da9257da5d2810cab38f1f763d65a

SHA256
e83ca59b0c0e5eb2170abc6d89a34980fd04891399a65ceea18d810301a275e3

SHA512
72a97cd45ae6cfff216dbafa4996f2df90b05ab80a35bf5ad430f538b58fb89a43594102fb44691bebc295d644d72000e56a987188c08f6f2a3ab9caf2d04f39

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\etc\ssl\certs\ca-bundle.crt

Filesize
212KB

MD5
207da462f2d9ca0c205be2ca90aee56a

SHA1
3223fad61577e357bd5af7e724de43d2e368e4dd

SHA256
f159e5f4bc21d821b34e28bcf1acfcd0a3950a68d2b512dcca7e756b6a477ff7

SHA512
592e40e11ce3476c65afe760b7e1b6cf0a835ec374c9a8b684bbdcddc4b62ea6e38bafc800550e168d21aa5f88de55ad0c853ac7fbafb8f007bef26050108440

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\libexec\git-core\git-remote-http.exe

Filesize
2.5MB

MD5
943580c2aec3e199d0c65c52d0d285a9

SHA1
e0f35a112a3c6b3df583c9087a2be54430030fb3

SHA256
5d444e5d694bcec60af395e8ff3a2d01650c219d99a5186477f20560eb2a515a

SHA512
3576c755bc32cadef26f36f509cc92ea30f33e36396669957a09300132b75a8fbd44fbf99cc73c0ed0df26b1d132d70b76746a6937eada5608ce10f377888a52

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\share\git\compat-bash.exe

Filesize
45KB

MD5
172e66bd2550973bf6dda39f67c265e2

SHA1
8217a7a9c74799250dcb503cce227564a3b4974f

SHA256
00f277f3ef578baeca7783ac5b384d4dddb9b94703e52d2aa6596ca127bd0637

SHA512
3f121acce5c28797d28961f99dd6cb9e54d4fe85a10da3b8ace46d1efbce288ff3791d0e0cc093bd086828f86216e5efa4fda1178b3a8177243ad5da8125a50a

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\share\licenses\libtasn1\COPYING

Filesize
34KB

MD5
d32239bcb673463ab874e80d47fae504

SHA1
8624bcdae55baeef00cd11d5dfcfa60f68710a02

SHA256
8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903

SHA512
7633623b66b5e686bb94dd96a7cdb5a7e5ee00e87004fab416a5610d59c62badaf512a2e26e34e2455b7ed6b76690d2cd47464836d7d85d78b51d50f7e933d5c

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\share\licenses\libtasn1\COPYING.LESSER

Filesize
25KB

MD5
4fbd65380cdd255951079008b364516c

SHA1
01a6b4bf79aca9b556822601186afab86e8c4fbf

SHA256
dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551

SHA512
1bca76c9f2f559a7851c278650125cd4f44a7ae4a96ceee6a6ba81d34d28fe7d6125c5ee459fef729b6a2a0eba3075c0841c8a156b3a26f66194f77f7d49151c

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\mingw32\share\licenses\xz\COPYING.GPLv2

Filesize
17KB

MD5
b234ee4d69f5fce4486a80fdaf4a4263

SHA1
4cc77b90af91e615a64ae04893fdffa7939db84c

SHA256
8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643

SHA512
aee80b1f9f7f4a8a00dcf6e6ce6c41988dcaedc4de19d9d04460cbfb05d99829ffe8f9d038468eabbfba4d65b38e8dbef5ecf5eb8a1b891d9839cda6c48ee957

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\bzcmp

Filesize
2KB

MD5
e786fc0d18a8c8679897afec7dc20f81

SHA1
b53283980b78efb04ba9f0b0ff38d055bd3d751c

SHA256
1c1f96193cdf14b85ea65f140a7557a07ece8783a53ec5ba6b5c30644a9d3012

SHA512
c5421c591c25a0e7858e20d3211293898ec9eb77a766ece887b173dd1b5dc5ba331942006ee546fa98430a3f73e00ccff7b8332065988d86a7145f4ecd24065e

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\bzip2.exe

Filesize
89KB

MD5
b21d0b5e0b2a29dd9c7b4d4d43e981af

SHA1
23f359788c6feb84ab9299dd36182af65e2eabfc

SHA256
7b3130943f6996eea0d8ebdb57e57c74e98cc4d13ac362d271f5573079694106

SHA512
4ae0e4e6bae1fb6d00d6c5d5c923beb7f760eee0e6a2b56b55af9f9fac3b477ae153642dfd78f12b856a0067af8df8e9f66e9a3f5a566524ccbc894b47c5eb7a

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\bzless

Filesize
1KB

MD5
e243255b6cf3b9403df53cb9cd6176e1

SHA1
c90132a93c5cb1196e6cb10be1d6171c8f1b1472

SHA256
0e7ca63849eebc9ea476ea1fefab05e60b0ac8066f73c7d58e8ff607c941f212

SHA512
89262742db7bc927e72d55d7ff8ef57468ce9c518d9a284023c05f39373840db5697a314e6fa26c7c1fc920837c9b925759bc905b576359ffe975523eb8e65ab

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\gawk.exe

Filesize
606KB

MD5
28295490b1d8ecb42fb1f4dff81e6bc0

SHA1
ce3dd91800343b67f7571b2f0ad930ea581b132c

SHA256
1ee91ae8887bc8906a0b0a3e7bbfeac580a6aa6990bc76ce22f13a0c4a020c79

SHA512
8cf50a30b1672cc9c2cbd1b6f97ebd7a5c87bdf6aa553eaea4c7e92033dec7e070b714277f46515bb13c66953126aef508cb9e629d6a05134f0fe176268ec3ed

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\mac2unix.exe

Filesize
53KB

MD5
1c35d14f04128b28ef5c5a3c9fb827f6

SHA1
5c5f59ba9909d5b8cff6860687153cc7f7c6e489

SHA256
0790b70ad730d354564fd144efa45ab79f10208ac86d082bc55876d62e079a63

SHA512
21ecdf4e351010be2938b20e0d386fa507abe41bac6884a100c4439173a5fcb4d028740aab4e4a8c8e2960268732debf60e6ce22ee405620199cae85f52cfe14

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\tic.exe

Filesize
74KB

MD5
52b52413561990a96ce9ea5a03b6b3d9

SHA1
75b15095136a4980445f19c757e9e9438b7df3a0

SHA256
0ba3835f6a895eb896776b1c140b7ce1561a657dc5ce5ca9d770b1725b57bf0a

SHA512
1ee6056c4f156350ca31de9238be96e4ad8bbb459cfd4bea13ba0e9f30270efa18c749c3701c09366369e9f79ee665822d785d22a5357e073c55b78d57ad7198

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\unix2mac.exe

Filesize
54KB

MD5
6dbf2361dd22a44b9a6d4880c2649d40

SHA1
5299a00a3e3b53c2f678f9fffbca425157e263f7

SHA256
0407ffa1c5821772b81d53ad2a47c3e85b63727b200c06b1e9b0cda046d98082

SHA512
5960898d3b68f2c2850fe4db982350d09f7818180ee52c22a6b304648342d457aed1eb516487d80dc5e25c05bf2815ee1206d97f96350ac2525c310107757ed9

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\bin\view.exe

Filesize
3.1MB

MD5
b1b18edbf0d76d7849433e5782d9bd1a

SHA1
5a9b037d0e4d8325e1da67cd6e52d55ca505248b

SHA256
62682b5c8f2c98949c63f69be8e3556f0c76ec39ef62e7205230f17feaf12454

SHA512
b18f7312030436a653549b058f874d17d75674af508ab2efb3fd3e5d6d31cf9e4c3652a87abd2488507696f646aa67ba928b489d8f9d8ddc7bf91a02030164fb

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\lib\terminfo\73\screen.minitel2-80

Filesize
1KB

MD5
d61e0247845f1340f61c2b20ca9577d1

SHA1
712d0420d53174d9df9e4f032f3c63a78bbe7472

SHA256
4ae4f1c39f9d159347192ef24f021459e30ca7d45f22e47b9bf850842b69c566

SHA512
928aff88cfe4d713cac70f947af59e1e8ec015dbd0aa0d3a321ccc6b16d56f3ab7f94ce01445e82591b43a98f160e8a954c6a29f61f6b31249b53a901ec554a5

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\gnupg\help.cs.txt

Filesize
9KB

MD5
14a267cde4ab3ba9bf15d6bac9eddff5

SHA1
6acaa6d2d24416aa079ee3d87ac87ddb1d6744a6

SHA256
05cdf5a33891882a1b96e007c0ac8dc9f99592f3667f79d83904a38e38e8bbe2

SHA512
4a41044d63b7d1eded892b3f0bd1c60b6b2c6cf2c4fdee273149b9790c21e08dd829b5ff8be8731b029cc6a4cf4d15a4d531cff4033d5fdc545a10d6233df11e

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\licenses\libxml2\COPYING

Filesize
1KB

MD5
2044417e2e5006b65a8b9067b683fcf1

SHA1
3c21506a45e8d0171fc92fd4ff6903c13adde660

SHA256
c5c63674f8a83c4d2e385d96d1c670a03cb871ba2927755467017317878574bd

SHA512
08955e4168147a848ef90a9793f2ebe32c8318a5c38fefc3680a00f5d92646ca0619067c8d55fa7d33f96e887467823590fb55ac0803c49b4bef31b3ed8c2b07

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\terminfo\73\screen.xterm-new

Filesize
3KB

MD5
5c8b43655de96d77c2ff1df38f4c772f

SHA1
4fcf743a684e795778dae1c9a2a95eb448d468b9

SHA256
ec3fccd216f6dbc58ce04548e6815d787bd823849d0f2c655f36dfe984d82996

SHA512
7b231f04dba016bc12a92a2cb5b866bfadfa7e0c8f3f118c9e56aa0519c7254e9527a1f458012c3d8f417de231d5d3d4c63ba0b0a6262a3f042406b12c27075b

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\terminfo\78\xterm-24

Filesize
1KB

MD5
3cd412804c7a72ee56240cf422adaeca

SHA1
8c7bc464fcf17ed1e767ff53b8455f5930da39eb

SHA256
caa13c37066fdce023748dbf4c49d0b359a72dda73f0d2287288c0ff820cd1b3

SHA512
8accd928653b1d6e052595fbf818846127b03e7fdd7f3b2900eb1607026c8fd7340b62004830e9c892a189de195ca4cbb491ccb480cc9ea11741b141d19780e9

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\ftplugin\hostconf.vim

Filesize
383B

MD5
4c05fe363a567f6f07c9f51b7db47b7f

SHA1
3770811af2b5f6a59f176ca38f089712f7d93411

SHA256
7e324306b8898c97f934dc4e7a74ad8c4f8a2d8638ac9307aaf378868a3de469

SHA512
bcffe4b93ff033bcdfaca9c96450b216a3ff61c96a3b9043cc9800f8e31dfb485ccb0890d0b10f1ebd8bb59a6326c46cebb9cc988e95bf601d737bc1d2d2b284

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\lang\ja.sjis\LC_MESSAGES\vim.mo

Filesize
257KB

MD5
f39c475697302ef98d3d98933a837633

SHA1
b7b162bd28569661a006096b5744412845ce3d1d

SHA256
290c251ebaecb15f177e40425a94030029625fe7332ea21f67fb9018db0c2b6a

SHA512
a34c4f7280658fd2014b2e93146341d01620bd91029e2de5db57734ab3b7b88be96051189cb094bebe4dd0310e84a2f71e1df896c2337e0cd55e957f025ca806

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\lang\menu_zh_tw.big5.vim

Filesize
89B

MD5
22f0b13b13fada6da47bd9ba2dd46bc9

SHA1
b37d79ab8a5d12dc280089ebddc50640324cf32e

SHA256
d0e02926e0de40f38d7e65c92bcfc26028614c4529a794dbfed8e5f75f001095

SHA512
d17925a64fb80409368a59c0c6b4a7c3f244c6db5b3bb2dde5927af8b4359fb6fd27f8e2be58e11f061353b15ddc80f59fa3186ac3aa62a2f3493cba28b8f133

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\lang\pl.UTF-8\LC_MESSAGES\vim.mo

Filesize
164KB

MD5
08450822a73cce3541794810b798c78c

SHA1
4235425feba86ccdddd4e95b2af220e16f23e5d2

SHA256
e8c2627a62d5b725defab1ded6565dc28f0d887e8f833a94cd0e3147ec9e6dba

SHA512
b2f5166b9bb9857c6574146391d25fbb194288625694c69d9ad6ad5799a69790eb8938ec78634b3ac5033e723fd81e63535f631a335518095e039f3c089b2de1

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\lang\zh_CN.UTF-8\LC_MESSAGES\vim.mo

Filesize
130KB

MD5
4faa60ae15d83453e61577d7df7bda05

SHA1
d3917184bff572434f95314d40bd1626471c85a2

SHA256
49965d7625b09f3c29fad3eb6b123a660ad9c9508df5c8d9b65359ad42577a0e

SHA512
401bc3372d986930b82b1524e2ac0a66f4ce34d668c4e8cb59df7c9873173bd6d030cfeac9dc65bab3a8677eb6d14f86bce53b4ecc981dc1e968f3fb93024555

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\share\vim\vim82\lang\zh_TW.UTF-8\LC_MESSAGES\vim.mo

Filesize
114KB

MD5
59629f8b5fdd385a8197ff5434ae9b43

SHA1
2aa034dde3a37af2580b87adcc39bc0705eea093

SHA256
bdc9d778c868d19ac34dd19d892f045dc371a34d3dcd782439c7ded12b5f6b58

SHA512
88797701d9644b5e4154f821a62c1a5458e7b270ba8954226a74ecd4e28e16a3f440a0a6e882519b2aea684d75c8b0972dc86ffcf91f0cd0767ef435d0bd49f5

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\ssl\certs\ca-bundle.crt

Filesize
194KB

MD5
e96c7859a7e097d82f28644721f0d84b

SHA1
54920443dcaae6debbcf14d0d6030988b12906dd

SHA256
7596a444d1573fc3013d616a01b8d02352e64c9ea99a0c0eb861c8acccf559a7

SHA512
cd0425572372dffe56f0d1db20293984291b701b60aa3151fb78468e123fd7cbe01d7e3984ab67fd4defdca0728c88b22f706b92308230eacf82ff2e56d64100

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\ssl\ct_log_list.cnf

Filesize
412B

MD5
5b561a90362b8eb9127c792c3f5902e0

SHA1
a2587c4e97408b64274e5e052b74e3754892c13a

SHA256
f1c1803d13d1d0b755b13b23c28bd4e20e07baf9f2b744c9337ba5866aa0ec3b

SHA512
ce307f87b90e0a0d09335577283ab4509802b43d14725d76c65139f6625f7e4fe636f41c9c398ccc9a2c70b229a34fd796b8ae0e9f5f3720e43f727a60232167

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\git_local\usr\ssl\misc\tsget

Filesize
6KB

MD5
004d4e3d0282e9f51f05eff55b422f8b

SHA1
5e1685574b8a41fa02191348c5bc53045fee70f5

SHA256
1c303a261c93d09a04dbb5b4167e93553607a8d06e968bd1cf06325933c147bc

SHA512
281f5b96ea169a8f7695eea275e1ff59ff7d6e9b3474b44b743168aff2fd038ca2a698fd26d6c21259a0f7739ff1a8758c19ac8651256b9e151a406d283bf620

Download Submit
C:\Users\Admin\AppData\Local\Atlassian\SourceTree\hgrc_sourcetree

Filesize
524B

MD5
36a78769201bd8e4bb2cd920ca67b0dc

SHA1
ff281c0e5652b727a0a80e94a24f3857646cfa24

SHA256
e3e74b277d309af118cd633f07caf5d1f11a471371316f54aab9ab07437cb0f8

SHA512
005963571d8837b36a4818dc156c0dc75e61a86a82ef054b4978d4c9e9af0d720f81345e87f5e289c74d0452544a98ff25064976e6ff7bf8a863fccd60e121dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
199B

MD5
74d51da607682554b2e29bad0a84ef61

SHA1
b673f3d8e1e0b1ac54f7b02ab37d983b525e8cb8

SHA256
914aa1c477e78b0396b70776b46a7700a368ed6883ce5a9e4f86d077d97ed594

SHA512
e0c6a1d6ed94feefe218fcdae0df0d5f5e83f4aa431728e4df963cb409700e4234f135af52a71d06ba9069940f3d7ac4df9ad1349d7ac8b9a6be6e5374793e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a644e39a8c2d1a5d68ab387fabc5be3b

SHA1
0c98844a42c9d3b9a673801de15df836b4f897b8

SHA256
aa2ef751e05517ee2b1443830deec0ad3a824bef77413c1a0b6e72d2214b8d03

SHA512
4854017bc994fe2699a9b3b333f9ad39d4e3eadd8b6e55696d8240ed398260250a00822d9867a0ddb61e48694ddbc6b6b9dbf677b36305b621552095ddd9bd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6beacb02352eafcfd538c485138979f8

SHA1
f46e51a4abfe5df1159fd7f3a69a1ec6c3966920

SHA256
e1fcacda153c93be8877020b9211b869243ee426efc27147b19dbb28f56bd6c2

SHA512
05a40f386e4765efd1027dac7ccdb7044a5305aa523c70b3649094087669bdad53ec05955bb182eb30f9910521709464702fa14d85a2b9a1b7033f24ad6cbf36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3db9ea9ee0df42bff44415b54fc12630

SHA1
a7dbf640ef77832a7e26e85691e8a87f9445f949

SHA256
a557f11df6c33608a14bdabafe99a3ff91e83928d7831852665380975d566091

SHA512
a649007552970fc309ad2465e571c826a7b6420c7f9f33e53f629b921a84caefd6d6b50de09b3862eef936d34676cdc9aac3e104130d3ce03c43f5242d343c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
381b086ad7737d6c93877afdf60978ea

SHA1
e1a38da926f08390fa29fdb60b76d7cfcc4cab86

SHA256
8e52c6bfe881964430ce9b32db5ac834813030dfb8d565210dcc0daec994a662

SHA512
a25476bafd6b089c294f3f057f02b46c2a841704bf28d56afb4b528ee0c5f3da818d2459ee91aa7ccbbb4e31600aeeefd6d35a94afd43affe134b225d34dd3bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6fccf67b2f049041085940453959f370

SHA1
d42b0fc71554ba677552b0e7ba40f1e1d3ff5233

SHA256
8b3673b74fa817241b6c809d2642bfd8df93bd91fdba9a248d55ede7ba405929

SHA512
3c914c4e89f00c18eb1fa2051467dca7a5f7f700d831a8f9f1cb31c0621d0a222174ffffdd28e1ed382133425cd229bcb92992c2316b03b64e7eabc6699438f5

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Atlassian.AnalyticsService.Client.dll

Filesize
25KB

MD5
0c168d791630772c4ae19d5f8309f042

SHA1
912dcaf0d57ab27c7476c1435aa8ed1f9827a9f5

SHA256
6e2f8842bd4ba522fb17e7126c6b330e2961d73ca362c6e4fc17f538f3f5b660

SHA512
240f172c2808d5b0906d4ef94dc9a6a6b847b6a59c2541fd53c8e1aeb3de0dec553bce7bb6415eba241e5725daef6f1eb009a6c2701538ba671cb4c12a169cdb

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Atlassian.FastTree.dll

Filesize
39KB

MD5
26a27d440b49b751e62f26cf4c53fa66

SHA1
850ffd09e50e7cbb1e0ccc5e905315250cf77cf4

SHA256
fe6eaeac51700bdebfebb84fa120e2910232153f7ec2fe4268eee4c8617f41bb

SHA512
b78cc0761db73d9d948274fcc2a3425b3323355b57592aed55bcc43d7fc9ccc63877996761b6b456cbfa6ef79e0433bac901c6dccab36bdbca75f1925f1938ab

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Atlassian.GutenbergTextView.dll

Filesize
46KB

MD5
a847b35398049c8473fd80612c4abb8e

SHA1
cf1f9c584487f3584f262bea40450fc851d40879

SHA256
9a2edc221cc335288f330bdc74c76cf0ce571915822154d67b3f4dc8746183f9

SHA512
c983e515de104f42b0a44fd7470067e9a51d7edb533742cbb280eef28221348be4e0bf48e0aac75cff4dfea8f00a72a86025f4a4c3165aeddc11b6c2262fa73d

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Atlassian.PathTrimmingTextBlock.dll

Filesize
12KB

MD5
b2078bab3fecc14fa70699866aeecf31

SHA1
8f9365f08c10a56b7896218bad7a3a80cc82c184

SHA256
e22c081c966514cc9fce7503b1766a982503c21c14e6f578e84efa5cf77ac21e

SHA512
3702bfa7a3c22afa01b038fdabff265338420a68a1d350e7a35cae049577119fdebda79f296a63c8bd87bc510b7c9d14509734adb6cd28818576e51c7063c71b

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Atlassian.Utilities.dll

Filesize
9KB

MD5
5ccdd90f03e7f8d0f7d70306867a3116

SHA1
a599de7f488b371e7d238785bfdc46218f9bcf03

SHA256
bdb7e6a59855ea581d2d5c2d74b54246b3d9ba07df1dd8b86b9e4625d181711d

SHA512
4b123dc0f5e373cfe66fb2ea16ea9acd1434a9885dd5c3476a2d02694f1c0b346ec27a1237b0d76a3e446e8084db76354d93c2e112fe4c1609328f434a2519a4

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\DesktopBridge.Helpers.dll

Filesize
9KB

MD5
73ba2e0907d6bccce36e841ca9263691

SHA1
5ef0df27a89a4dbf51c75bb8ff6d696bbda62c41

SHA256
e311b1081b9a5e8272d703f7d7788d9fa3914ac47bfaf2a18beca9bec89063cd

SHA512
6ba29bd6b46075638578f56ae13c7c9f399fb96004a59aacc30842401ed9001f8943017bc06a32436baac93fc1cdaf70d557f32668fa2cdf13cd64fd538b852c

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Dragablz.dll

Filesize
237KB

MD5
28634f2d641bf538fc9f81247377d8fe

SHA1
5fbb6ad257035447af7ddc24cd737be2d772b440

SHA256
d73abdbd3e85f1db758052069e4a3a05ff3f2f2fadcfd6e47b1e452eaa86015b

SHA512
be86469cd482a76285534aa41ed878c5c8513ea730e2604a9d9b71e7ea637cf7b1edcc7023efd8633a46a782b5eaddbc995a6ef5044512ed32a1aafdddc01fe6

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Configuration.Abstractions.dll

Filesize
20KB

MD5
d8e064ad8f2419f204723cf7caa7ab0b

SHA1
f19f20d758dae8563fc4914c737e06f1292f58e2

SHA256
32ccdb2ab4348f195d247f920d1432c0cbb1cc5fd548fec8ee562c438aa48849

SHA512
b2ed620bc914433435e655f7a1c956735f959c3e8c60a182d96ab0a59a54c81ffa0c52214d88c6e48ca82e198ad7e9fcb603d6dc017ec64399fcf40d3178c341

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Configuration.dll

Filesize
25KB

MD5
ba5145200fcea6b50a2223f98b468bd3

SHA1
7af4f0b8a4a7b75763bbc72c5c3edf3d85fd8a50

SHA256
5971ca80cf7ec34845334c9734542cd4de2548fb15192a19e6df3272019e6317

SHA512
3e442028cb9208b1925d53bc3f0146fa832e1a912b8c09dacc6b5ee419c78931e4b5e256d58299a3adb9f54b2a66f24e454be74017fd0f0e2fbe5b7e98ada464

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Logging.Abstractions.dll

Filesize
47KB

MD5
fa43b31fac519d4537325b2d77595c3f

SHA1
dc3c0912d2275684a95816401f63e155fe2b5ed1

SHA256
ce4721eb7591c77ec23650c079c25730bc9e4f2af440ed0ce913258151434cda

SHA512
e9e050ec7bd310ce3c5c13ac7f3849dd96ee34ca68a91956b956eef6c228a23d790736d05f07562b039a888471f823107d11384e72e172f505192964680335f4

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Logging.Console.dll

Filesize
33KB

MD5
2bc8c0b10b63b68395a98e82a171e442

SHA1
8b5123b0be66be6daab4eab65a46e43c89c5f590

SHA256
c10ec1d9fdbd7f1e9134cbd401954ce7b0b32e2407c0f99da6aa9620716b6165

SHA512
059ac62a273c969040271b3f44c358e68d2adbbacdd23e70dfe5df809a314c1bbc4a880ed84507a07d2fa87e6a0596b59ce215a9ec3d95d5c4b90e83ee7ed050

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Logging.dll

Filesize
31KB

MD5
b7f13cb30356dbe3e3bf7c01e2d8c7b1

SHA1
712900d638167a85017ab7f99119964d84e0a39f

SHA256
9cb78661a77fbbae56de368f018ac9b06e6a171dab37e49091ac4abc4a3d1126

SHA512
6df9337d590adb72df002cd64005a59f60ba064b2ae2d207559f0b43c9c8978ae75b22115556f0f4e7567b7b7862b99fe069ec92b3c98752623636bea92d1bb5

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Options.dll

Filesize
42KB

MD5
d195309528f364dfacd3bae393ea08b8

SHA1
763721aa95eb354fe7cb88ac5eadbf6d854bc5cb

SHA256
123766d210b9793ce76c2779fa87b3c8fe122a526faa6d46841cf7cf6e5495ff

SHA512
332578fc59e8c518a0e45957d20a9a491b7d6d7567c1655c2f2fa5535450d2d9238b7937ba26b1eb271335e0dd605cb64768ac875eb0901692d021acb1e344d1

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.Extensions.Primitives.dll

Filesize
35KB

MD5
30f911d2ff61105f7b5680006a9e4def

SHA1
12285ffda48a642f3b06b06ce73f79341475c006

SHA256
42bbc209a1a39f3bab6652478de1bc7dd240146e3b668d34253425eb663bcc4f

SHA512
bcc6e1b979a370d1e11083327776364620e7055cf21d05f56f5867839de77c5c3823bd1adf123865533263fe7766a6fde6e66a55535c705a9097662e1181d463

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.VisualStudio.Composition.dll

Filesize
346KB

MD5
46739f1c6ea2b024884e13009abfb971

SHA1
513f8bcb441afd463e8e8f77959996becbefd719

SHA256
48d39ef323195d962dfe5101e23e803365d993ea6874895dc60d78fc03acdea4

SHA512
066941d654b0f957866ab1dc1775597dec7b5e10f643acd2e8e0a1a55154217d8036b3890331bfcae18188bedc9c79fa340f32fe147ce7257a206b6511bb868c

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Microsoft.VisualStudio.Validation.dll

Filesize
29KB

MD5
2049efd8771fa543823d4692ad45b462

SHA1
2608cb8db9ba91f169d0106c844ff51ce38cee60

SHA256
4670907e3e5fdca3cab8bbc4f825582e391a7d6ca33b920f65fc6e06fbb42270

SHA512
7302730f15ab6ac8ed09d817acc8d8173e369db2665739c8ef1e7bd119bd7d9495de0821aa336c0a03516983dd00b4061e1583d043f8bc0020915d1f5652cd1e

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Accounts.Windows.dll

Filesize
16KB

MD5
64c6b4404f5474a010f0c2f43e580664

SHA1
5091a642d89a9070ea24c51d8cdcef8849c427f3

SHA256
938d2e0759363726f02e2c85b1a50394ec390e4532c8763796bcac2ac615531f

SHA512
f3063c65b272867f2ceb57b222012c8beee7e3e47697476bd83da0a71930ff35de0830c7bffdea2c9736b02f5418147afe21625e9e9bee4ced2c08cb1b314861

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Analytics.dll

Filesize
21KB

MD5
24c095edb5cbd357a31e0897c095dacb

SHA1
40797cb89b91767ba6dedd2be396b6fbca06597a

SHA256
a2e08cd1164d7782a7d2f2ae329ba4ffe2eeb3877607b950b4107e1069b46c6f

SHA512
8d2b7ebcc05dcb153a5e50779646d83db259b65db8ef71bca4e40dfba62a4879e3ca59527d420b7cb970915388db54c06d881a5ab0e577469a6fb11ee4296cc2

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Account.Basic.dll

Filesize
18KB

MD5
bb233257ab4800a6b7984d36d23e10cb

SHA1
b56bcaaea6f2910134555968c8a82c73d1f9c3cd

SHA256
f694c4c6eda54d301e3a52d89808234523676bae49cf1cbb802995ceaf40fd3f

SHA512
77fbe8c11b81cd8b5ca051d13a3af466f40b9cf998b3bf029c08d2f1d41f6d6a21bed6eeb5bc259c079782c76ee3dced5f83fa7c4178c131e5a566d9ad4acc80

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Account.OAuth.TwoZero.dll

Filesize
34KB

MD5
17c4f0998331bfa23b3c291b6eb9c5fa

SHA1
7addeabe5b9e37676f70ad1c3761fcbdbd5ea386

SHA256
bc507f60ee4296d2f8dd4786dce1cb023fd073737c2b1ae690f0ff5b9b53f9b4

SHA512
9a7a47ddfa7d4f4a472888b90e21dbe37a50eb08484ad061e4c36525c5d641a5e5531e5755d2116fea5b41e85880a5d7032fa4e43c33b70e938640d0785a3804

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Account.dll

Filesize
22KB

MD5
d6daf9969a0820a0344d9e53eab1d4bb

SHA1
c88adb0ff9f927c62c9a03f0842412dab7042a6f

SHA256
31271d5789e2425ab368705c15d3ef818176f66d465b3d1ba0e78918774a1601

SHA512
99e58c1e75e6ae7d34b93cf2114c680c0f3d08811c82fa399954b7ffc841abb95015697be395c872a8378a5ae12782bbfbc9b4cc078ce32aba287eedb33a60ee

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Analytics.dll

Filesize
9KB

MD5
def518adb6b377f7994013e36fa2dc16

SHA1
dad64fe5b8136a896755166d6a6ccb905e340ddd

SHA256
55e19bdd4404ec7695a915710149412f061cdcbee0dee281adc252abec08d36a

SHA512
76a29f4547c9dd1cd4eb0cdcebd26088c3fd08e8aaf5290c59a2fffe39ef8d448cc1205adedfa87ba07428efda1ea03fcb05035ce95a76cef4e538e05876966d

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.CustomActions.dll

Filesize
10KB

MD5
a648839460dd9e7b179467d1b7b94a56

SHA1
3143bf54547c988780601c5d16822f7f09c2bf0a

SHA256
3152c42255878396b44407762a9c1b3694c9add4c9d3be0b7872627d18d21ff8

SHA512
d8f450d254e4b62b149202cfaf3222c3443fb1a027bdfd3f5900e62e96310e19650d96418eb30a11c595eeccfb826b15d1af94cba4efb10cdd318bb625ba7ad6

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Dvcs.dll

Filesize
115KB

MD5
6bebcd1565fbd87050ae61e0a38ce715

SHA1
7c16d4d4316ad325249e2b3cf71d0a65211962a5

SHA256
dd71ec12ab7f57c6dafa7455edba3776188afeaca9084274752be57a8704de9f

SHA512
470dfc290293a924ae255d17a23a6e8ae086a74bd73192e34bd58791d258944dd8cccef02d2c55f875015654f4372f93e2ceba1477469995901a538d85847027

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.Host.dll

Filesize
17KB

MD5
b2ce3fa3ff39da0c449d85d9f737b574

SHA1
297cd5555f711ff21a025ab8ce82b26e50ac7154

SHA256
53f2d00d7ba68f87067535856eedc75db1f5af8d77fee3ef63d5c9b83efb1d61

SHA512
4a89d85fe0c3f9dac64b9109ac77b764d4419c911ec1064f751c615be7f547bffbc56464a087c546f76ae9cd73f12adc23e58cadcce4fe10473871364927b7f8

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.UI.Wpf.dll

Filesize
2.0MB

MD5
2cbea4afeffe766fb7fed5a566ca17cc

SHA1
e7105cc71781da0cc271c8c7db8896236c42c9e1

SHA256
743f2a8afc06a572f90d1b27a48aeaf1064df99a4f6b291ad0c7fed2d6e8c8eb

SHA512
db240f8f7124efd9bfa6c37c1c1611811e076cb37069d0f7eb2c7edf3d31d6a4643b5532c35d4bfc121a63be85dc4ff0a81ad39528221582f7abfc2bde9d5a4d

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Api.dll

Filesize
131KB

MD5
e29caed626ff317e9c8cc16b1a862950

SHA1
e8a0a09a781b11bd455862f22a6c920f683e70c3

SHA256
0b371a5eca15a62fae0f744307b42ef7a79ed711c3013bbe9a10bd4b41c346c8

SHA512
8b51ab04c9d280766e943d6c92124d5657343f1e03e0565822db294178fa71e5b6bc0accf165129a7b04b966afe0fe6ec33914fb2d91209dd641db3f66215f82

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.Localisation.dll

Filesize
364KB

MD5
e95d6f7925ec4dc1d3df68d1f6a3e715

SHA1
94a318b4df43a11a76d4e6b1e5f0b37117e661fb

SHA256
ab47e40f44b5ac96e93522d68a85590085083faaba8d5c53d8de4ffdd0b09b6f

SHA512
571cd24db1d6ec44eaef52096fcf5e94765e476089bbb4b2d604be101bb8f992ddef7a8151915ec389c4fbae7e4799eef392eed92e2c23458ad9644cd300094d

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.UI.Theme.Wpf.dll

Filesize
4.1MB

MD5
efb8d1120b8741bea6c254cc875aa182

SHA1
9f0028ce26bf8750cf57a124245b129fd000acad

SHA256
59f89f2821b7b03f425de9065c1155b38cb27337f262d4d4b5a10200cee4e21e

SHA512
ba43b03074eff51fff075ff665efeb9b1aef5ae80c6dc4de221b1c3e6d541c88d52d3f9555f88e06342fb32808266bdd1aa390b0ce6745c0088ff0cb442d66a8

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.UI.Window.Welcome.Wpf.dll

Filesize
104KB

MD5
0ca331a91ccb31024431efca40d149ca

SHA1
3eb7cb29445c6e28dc94f903a09db1d51ed9f8cf

SHA256
32e946227074765d983782a54f8a6dbed92eabbc0bbcd766fbb55304819e184b

SHA512
68c53ecf59028923d935d6cdeba33bc2e258e7d6d56571525f16118e78f2b060a5f7c9ff93aeaaa33fa366d04c7452fb1243bc430f7c777b0432f675ac4e02d7

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe

Filesize
849KB

MD5
98debe67f5a108f42377f4e16a1965df

SHA1
07cd2dc433758650d2289e591fb6a4a8d53f8ed5

SHA256
efdd73546c8a43e876fc4fa9189817417439492f6b8f5084352926b6fbe3dbda

SHA512
c24612d3f31e756310d4a7ccbdc4370050cff9431666fd4dc11af58bafdfcc2cc6a110e9b41dba61010679a8ac1b988dcbd59c5282d07e6bf4dd4c60072b893e

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\SourceTree.exe.config

Filesize
22KB

MD5
3114b296b5b1740445342325bc3f15d2

SHA1
fa13d3b074830be7517a16729b5ac40bc09ddb6a

SHA256
947e8701f937647d0192c42194ee609970003eab91d85b0579a151d9ac68d7d6

SHA512
c1b20db6e2bcbb3793ff041cc023aea75c9d4e41c31aed87f62d4e1bb21d4825699804e4a65fca1880db2755f1bc91ca7e151ecf112a72463f36528f0cd9991f

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Sourcetree.Analytics.Emau.dll

Filesize
26KB

MD5
cd13e5feea5ae1d26bf6036b54335843

SHA1
77ee1dbf8c4187797f2f152ddfa4a5193eaf9444

SHA256
d3c773b375afb16e87a8b4af74cdec0114f6854d4965c87befb2a1bbdd77e8af

SHA512
e6465d69ab58f3279e41d0753eb9a983ad59a39864d3518a02fe0768eba677c44775a64e1483922ed22e643a123d075cbe8710a19b29c78315d50e32f0e05901

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Sourcetree.Api.Account.Pat.dll

Filesize
17KB

MD5
17b2eac66dcd9170f92b03246d9d930e

SHA1
8ede1a676147152a56683008f144d414773d941a

SHA256
2481b153fda309435d621e17b98e54d79e9f82cad4f27ee90f7bcf911a33a1b8

SHA512
a5811356b1b161eeaf0780bc932cc5f3fed1be3e98c164ebffdea4244c99350192e8fa71b57b90a166197b30db4a2f1883387d68ff4ea2b98e8c280539d9d8c6

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\Sourcetree.Composition.VSMef.Net48.dll

Filesize
22KB

MD5
f56833f3c95cb8e43aa66d11ba4a88ee

SHA1
7b624945450bd94b63dc1d4b9170160488f05ced

SHA256
72ec8063f3d882e54fc31bcf28b060c69254e1493397a1af7cf2c8921d2fd45a

SHA512
5fb024d49ee9735412387c6c4af228f02bc361b9edc785c17c8982a8515aff829567b4a4b60600fd049f4c00d7e6e8a5ce1eb9b1ee50f05bec7a76865afbf4a1

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\System.Reactive.dll

Filesize
1.2MB

MD5
b5cc6edd50b049af8e26a02ae99a4760

SHA1
6cb154afd2cde5e269e5d88bf28655da61dbfe16

SHA256
791694d3e460ede3576d152df278274f55d146b11baeac69e8f3a7274d761380

SHA512
816f31d5a730c60abbe815608e3fc3a17846ab0b5b6e250325e713fbe11918c4f4c575ffbd40dc547d34ce77c809f42db1d44172e65bdd7f379c01ac220dd862

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\TaskDialog.dll

Filesize
93KB

MD5
ccabc7f505ef4a731b688fb63bd5aa7b

SHA1
f8deef02b0fdd9024d289fbba27789504caa7d53

SHA256
e381382cc58c1e318c938d81e3580d852a419268402682ffe7ba03b0898838dc

SHA512
fe04412f46724e6c2e0fe2461b55f5180a9bb27aa4bd8b508a4719439ba75fb7b08a5222f9804adcc999b0fb243689d2fd91d5bbee11b4f23c8adaec5e259804

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\chimera.extensions.logging.log4net.dll

Filesize
14KB

MD5
4274c8e212b43d44a16164360d2feb54

SHA1
c9b0093c17f2d8afd0e4863b92c37ad2da724a69

SHA256
8de333c25101f2c6c7108ea22e9ce821420d1bfd724d7ae6dfced87c5100cffe

SHA512
3bcf95b72bf8cf83195f8e8cf3a1582101b9d93d439298971872c73bb367999de60ddf6943213357c76215e01581d48b5cf1c424feb106ece48f4aee7c900ac0

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\log4net.dll

Filesize
268KB

MD5
32fcc70dc05aea039d3a1ceb329e3aa0

SHA1
806a844b58e209f0053ad56f0bf82dfb67c03c32

SHA256
ee79fb3c3a009e4b11062a4d4b827bca734aaa27476ba9cd3283876a47099287

SHA512
a0efea7019bca197d6d5bf643e386c43d1359d2669126c9be622bc084cb674c44facef1ce6ef71a092b1d829ef3e309c7af14bbf9a5d83cddcc4c77da677f463

Download Submit
C:\Users\Admin\AppData\Local\SourceTree\app-3.4.18\slf4net.dll

Filesize
21KB

MD5
601b37c20ff418f1d6cd7ee03f2d1b39

SHA1
a87233d9190e14b98eb7753161299fe4309cb25f

SHA256
8b5e8253419948cc4be6442290bc960f6a3ca006a16561340f629836cec21bb7

SHA512
f312d6c2434ccd213bc86851c687f731f4b75172011b313226208abb6db3ef5f196dab13c93f8a3f032514f680bb715a3323fa01f2e2609a8b07ae55034f8868

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\RELEASES

Filesize
81B

MD5
8d077ad0cd679cc3379c46e0464f1304

SHA1
a29edb7f66d9baabf9a3c510f40c3828f21d2947

SHA256
3e1df5850982906a9d8fe912d8f9a91a09b9711e8c89afb91a6e7d1dd850d219

SHA512
55e8e7c06e8d0895cd215ecfe4c8fb06131ec11080d5fca492f19259dde40ebe56b2b1c7545f0d79829f95a42f668d03cf0dc76597995dd039e338a77a907ab6

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\SourceTree-3.4.18-full.nupkg

Filesize
22.7MB

MD5
505ee670784eb28779cd58f50f1113c9

SHA1
329d29049db72bd8584590ce98faa9559cb3ab95

SHA256
41a398ab93bc0f404fa93a2a26b5e25975060111fc6ebf75b7df1054d1807223

SHA512
ffe4535794efde737f85a11d68d12b75f13a6afcf1e96dc28de0e9b81be6da0783e71894fd6c0c7f8784443c972eef3abf84d727fe45bdfc70dbda649249e64f

Download Submit
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe

Filesize
1.7MB

MD5
be71bd64082b4ba88d1b59c2d432c340

SHA1
4df45b97be889e6e479cc590546e1732c4eb3535

SHA256
edb23a210132682d4c150003d6e02a3d894d82ef018fdf986fbf9beb6b5d68fa

SHA512
5fedf278070c6fdc80a53f75c2a450403885937b1070377cd683e6b7767bef61cfce0c16076aa3619f5c991bb3cb07a174a3e6d10def1dd50e724b13048a53f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\v2jnae4d.awj

Filesize
40B

MD5
494fbca9ea01e525af8f21aa453b41df

SHA1
3a11484fd6a24720d47aa9d06b4d18188145848b

SHA256
f2efaa4551c754b4e1b1aee49ab0da840425ea874d4baa7c2c5b659808b898c0

SHA512
e6f580e9c77ba2e75088a3f3b29a08517572e0462c324add939a5bdfc9d841a48ecd326b89707e99d90c5d4da1007f73e4b77c2ab7f9b761b73d875c0798b836

Download Submit
C:\Users\Admin\AppData\Roaming\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\kvfeysto.newcfg

Filesize
722B

MD5
de4e7ab3c8602bf5df0e6413b950035e

SHA1
4e7e38fd8efc4329a00effb80683f6c3060b766b

SHA256
63678b2d730be7504c9c26aa6d334a69c90a917608e8ba83ebff02d1959cc1d8

SHA512
13aca66246f453b8356cca75cd996a18d65f5f1121823f735ace867ca3ed5346af18274706c595c86ccc6e11469897b8d2255d8e9a4d79c9bf2d3502a959cfe8

Download Submit
C:\Users\Admin\AppData\Roaming\Atlassian\SourceTree.exe_Url_grh31hralxgvllvemj3lmpbjy1kdxxb1\3.4.18.0\user.config

Filesize
460B

MD5
a06f7aeef0142c366b01fd3db828775e

SHA1
5d13ffff48a54c8f21f3be37f02b1c97ac1cffb5

SHA256
84cdf62a7d2d12ac07f74cb495769836a738914e1ec7eceb2dea233e530b1e86

SHA512
88157c3bccc449d987ccb7be21e9535353528d74f82a893b356e78e398a651a2b326549799ea9abe8b94d58d82e68d8497933b381f43b261976d7222dba32548

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 71133.crdownload

Filesize
23.5MB

MD5
f5dc5b077009525217b206e97c814db5

SHA1
b67bc0c5dab084d7161cd46e8205f1463a2e0b4b

SHA256
31eac396d507bd88dd659ce6b86283423e7e43fbae6eaea00336a11ef9ef97ad

SHA512
8e1d9b5f967871c945b2a6e178bbbb3c80dc970a22001dd4287551a9d1c164ab365de8bea0b0d3361fd6bd122573c759c1376c874b5b827dc2c39aeb2e60a0ef

Download Submit
memory/408-13577-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/752-13574-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/752-13576-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download
memory/752-13571-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/752-13572-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/752-13573-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/752-13570-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/752-13575-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/944-13557-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/1404-13456-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/1404-13458-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/1404-13457-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/1404-13460-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/1404-13461-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/1404-13459-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/1404-13462-0x0000000075230000-0x000000007525D000-memory.dmp

Filesize
180KB

Download
memory/1536-13463-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/2424-13551-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/2424-13555-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/2424-13553-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/2424-13552-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/2424-13550-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/2424-13554-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/2424-13556-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download
memory/2588-13564-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/2588-13565-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/2588-13561-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/2588-13560-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/2588-13566-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download
memory/2588-13563-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/2588-13562-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/3528-13452-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download
memory/3528-13451-0x0000000075270000-0x000000007529B000-memory.dmp

Filesize
172KB

Download
memory/3528-13446-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/3528-13450-0x00000000752A0000-0x00000000752C6000-memory.dmp

Filesize
152KB

Download
memory/3528-13449-0x00000000752D0000-0x00000000752E9000-memory.dmp

Filesize
100KB

Download
memory/3528-13448-0x00000000752F0000-0x0000000075396000-memory.dmp

Filesize
664KB

Download
memory/3528-13447-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/4448-13453-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/4736-494-0x0000000009BB0000-0x0000000009BE8000-memory.dmp

Filesize
224KB

Download
memory/4736-105-0x0000000000690000-0x0000000000854000-memory.dmp

Filesize
1.8MB

Download
memory/4956-461-0x00000241C9BE0000-0x00000241C9BE8000-memory.dmp

Filesize
32KB

Download
memory/4956-447-0x00000241C9690000-0x00000241C96A0000-memory.dmp

Filesize
64KB

Download
memory/4956-488-0x00000241CA0E0000-0x00000241CA15C000-memory.dmp

Filesize
496KB

Download
memory/4956-486-0x00000241C9DA0000-0x00000241C9DB0000-memory.dmp

Filesize
64KB

Download
memory/4956-485-0x00000241CA010000-0x00000241CA0D4000-memory.dmp

Filesize
784KB

Download
memory/4956-492-0x00000241CA480000-0x00000241CA542000-memory.dmp

Filesize
776KB

Download
memory/4956-401-0x00000241C93A0000-0x00000241C93C2000-memory.dmp

Filesize
136KB

Download
memory/4956-399-0x00000241C9310000-0x00000241C9318000-memory.dmp

Filesize
32KB

Download
memory/4956-397-0x00000241C9430000-0x00000241C9476000-memory.dmp

Filesize
280KB

Download
memory/4956-493-0x00000241CA180000-0x00000241CA19C000-memory.dmp

Filesize
112KB

Download
memory/4956-490-0x00000241C9EE0000-0x00000241C9EE8000-memory.dmp

Filesize
32KB

Download
memory/4956-395-0x00000241C9300000-0x00000241C930C000-memory.dmp

Filesize
48KB

Download
memory/4956-489-0x00000241C9FC0000-0x00000241CA008000-memory.dmp

Filesize
288KB

Download
memory/4956-387-0x00000241C8D00000-0x00000241C8D08000-memory.dmp

Filesize
32KB

Download
memory/4956-391-0x00000241C8D20000-0x00000241C8D28000-memory.dmp

Filesize
32KB

Download
memory/4956-393-0x00000241C92F0000-0x00000241C92FA000-memory.dmp

Filesize
40KB

Download
memory/4956-487-0x00000241C9F40000-0x00000241C9F68000-memory.dmp

Filesize
160KB

Download
memory/4956-389-0x00000241C8D10000-0x00000241C8D1A000-memory.dmp

Filesize
40KB

Download
memory/4956-385-0x00000241C93D0000-0x00000241C9430000-memory.dmp

Filesize
384KB

Download
memory/4956-482-0x00000241C9D30000-0x00000241C9D3E000-memory.dmp

Filesize
56KB

Download
memory/4956-383-0x00000241C92D0000-0x00000241C92EC000-memory.dmp

Filesize
112KB

Download
memory/4956-483-0x00000241C9D60000-0x00000241C9D6A000-memory.dmp

Filesize
40KB

Download
memory/4956-381-0x00000241C8CF0000-0x00000241C8CFA000-memory.dmp

Filesize
40KB

Download
memory/4956-484-0x00000241C9D70000-0x00000241C9D7E000-memory.dmp

Filesize
56KB

Download
memory/4956-379-0x00000241C9320000-0x00000241C936A000-memory.dmp

Filesize
296KB

Download
memory/4956-378-0x00000241C8CC0000-0x00000241C8CD0000-memory.dmp

Filesize
64KB

Download
memory/4956-376-0x00000241C9290000-0x00000241C92D0000-memory.dmp

Filesize
256KB

Download
memory/4956-374-0x00000241C8CD0000-0x00000241C8CF0000-memory.dmp

Filesize
128KB

Download
memory/4956-403-0x00000241C9370000-0x00000241C937A000-memory.dmp

Filesize
40KB

Download
memory/4956-372-0x00000241C96B0000-0x00000241C9ACA000-memory.dmp

Filesize
4.1MB

Download
memory/4956-472-0x00000241C9F10000-0x00000241C9F40000-memory.dmp

Filesize
192KB

Download
memory/4956-366-0x00000241AF810000-0x00000241AF818000-memory.dmp

Filesize
32KB

Download
memory/4956-365-0x00000241C8F50000-0x00000241C9088000-memory.dmp

Filesize
1.2MB

Download
memory/4956-471-0x00000241C9E00000-0x00000241C9E20000-memory.dmp

Filesize
128KB

Download
memory/4956-363-0x00000241C8D30000-0x00000241C8F42000-memory.dmp

Filesize
2.1MB

Download
memory/4956-468-0x00000241C9DB0000-0x00000241C9DF8000-memory.dmp

Filesize
288KB

Download
memory/4956-361-0x00000241AF730000-0x00000241AF738000-memory.dmp

Filesize
32KB

Download
memory/4956-360-0x00000241AF720000-0x00000241AF72E000-memory.dmp

Filesize
56KB

Download
memory/4956-358-0x00000241AF710000-0x00000241AF71C000-memory.dmp

Filesize
48KB

Download
memory/4956-356-0x00000241AF700000-0x00000241AF70C000-memory.dmp

Filesize
48KB

Download
memory/4956-354-0x00000241ADEE0000-0x00000241ADEF0000-memory.dmp

Filesize
64KB

Download
memory/4956-352-0x00000241ADEF0000-0x00000241ADF0A000-memory.dmp

Filesize
104KB

Download
memory/4956-351-0x00000241AF6C0000-0x00000241AF6E6000-memory.dmp

Filesize
152KB

Download
memory/4956-469-0x00000241C9D20000-0x00000241C9D28000-memory.dmp

Filesize
32KB

Download
memory/4956-349-0x00000241AD940000-0x00000241ADA1A000-memory.dmp

Filesize
872KB

Download
memory/4956-470-0x00000241C9D80000-0x00000241C9D9C000-memory.dmp

Filesize
112KB

Download
memory/4956-467-0x00000241C9E20000-0x00000241C9ED2000-memory.dmp

Filesize
712KB

Download
memory/4956-466-0x00000241C9D40000-0x00000241C9D60000-memory.dmp

Filesize
128KB

Download
memory/4956-413-0x00000241C9490000-0x00000241C949C000-memory.dmp

Filesize
48KB

Download
memory/4956-425-0x00000241C9550000-0x00000241C955C000-memory.dmp

Filesize
48KB

Download
memory/4956-423-0x00000241C9540000-0x00000241C954A000-memory.dmp

Filesize
40KB

Download
memory/4956-411-0x00000241C9480000-0x00000241C9488000-memory.dmp

Filesize
32KB

Download
memory/4956-421-0x00000241C94D0000-0x00000241C94DA000-memory.dmp

Filesize
40KB

Download
memory/4956-409-0x00000241C9390000-0x00000241C939A000-memory.dmp

Filesize
40KB

Download
memory/4956-434-0x00000241C95A0000-0x00000241C95AC000-memory.dmp

Filesize
48KB

Download
memory/4956-435-0x00000241C95B0000-0x00000241C95BC000-memory.dmp

Filesize
48KB

Download
memory/4956-437-0x00000241C95D0000-0x00000241C95DC000-memory.dmp

Filesize
48KB

Download
memory/4956-436-0x00000241C95C0000-0x00000241C95C8000-memory.dmp

Filesize
32KB

Download
memory/4956-433-0x00000241C9590000-0x00000241C9598000-memory.dmp

Filesize
32KB

Download
memory/4956-407-0x00000241C94E0000-0x00000241C953A000-memory.dmp

Filesize
360KB

Download
memory/4956-431-0x00000241C9580000-0x00000241C958A000-memory.dmp

Filesize
40KB

Download
memory/4956-429-0x00000241C9570000-0x00000241C957E000-memory.dmp

Filesize
56KB

Download
memory/4956-419-0x00000241C94C0000-0x00000241C94C8000-memory.dmp

Filesize
32KB

Download
memory/4956-405-0x00000241C9380000-0x00000241C938A000-memory.dmp

Filesize
40KB

Download
memory/4956-465-0x00000241C9D10000-0x00000241C9D18000-memory.dmp

Filesize
32KB

Download
memory/4956-464-0x00000241C9C00000-0x00000241C9C08000-memory.dmp

Filesize
32KB

Download
memory/4956-463-0x00000241C9CB0000-0x00000241C9CB8000-memory.dmp

Filesize
32KB

Download
memory/4956-462-0x00000241C9BF0000-0x00000241C9BFA000-memory.dmp

Filesize
40KB

Download
memory/4956-460-0x00000241C9BD0000-0x00000241C9BDA000-memory.dmp

Filesize
40KB

Download
memory/4956-427-0x00000241C9560000-0x00000241C956A000-memory.dmp

Filesize
40KB

Download
memory/4956-459-0x00000241C9C70000-0x00000241C9C9E000-memory.dmp

Filesize
184KB

Download
memory/4956-458-0x00000241C9C20000-0x00000241C9C6A000-memory.dmp

Filesize
296KB

Download
memory/4956-457-0x00000241C9BC0000-0x00000241C9BD0000-memory.dmp

Filesize
64KB

Download
memory/4956-456-0x00000241C9BB0000-0x00000241C9BBC000-memory.dmp

Filesize
48KB

Download
memory/4956-455-0x00000241C9BA0000-0x00000241C9BAC000-memory.dmp

Filesize
48KB

Download
memory/4956-454-0x00000241C9B70000-0x00000241C9B7C000-memory.dmp

Filesize
48KB

Download
memory/4956-453-0x00000241C9B60000-0x00000241C9B6C000-memory.dmp

Filesize
48KB

Download
memory/4956-452-0x00000241C9B80000-0x00000241C9B94000-memory.dmp

Filesize
80KB

Download
memory/4956-451-0x00000241C9B50000-0x00000241C9B5A000-memory.dmp

Filesize
40KB

Download
memory/4956-450-0x00000241C9B40000-0x00000241C9B4E000-memory.dmp

Filesize
56KB

Download
memory/4956-449-0x00000241C9B30000-0x00000241C9B3E000-memory.dmp

Filesize
56KB

Download
memory/4956-448-0x00000241C96A0000-0x00000241C96AE000-memory.dmp

Filesize
56KB

Download
memory/4956-491-0x00000241CA2F0000-0x00000241CA472000-memory.dmp

Filesize
1.5MB

Download
memory/4956-446-0x00000241C9B10000-0x00000241C9B22000-memory.dmp

Filesize
72KB

Download
memory/4956-445-0x00000241C9AF0000-0x00000241C9B02000-memory.dmp

Filesize
72KB

Download
memory/4956-444-0x00000241C9AD0000-0x00000241C9AE4000-memory.dmp

Filesize
80KB

Download
memory/4956-443-0x00000241C9610000-0x00000241C961A000-memory.dmp

Filesize
40KB

Download
memory/4956-442-0x00000241C9600000-0x00000241C9610000-memory.dmp

Filesize
64KB

Download
memory/4956-441-0x00000241C95F0000-0x00000241C95FA000-memory.dmp

Filesize
40KB

Download
memory/4956-440-0x00000241C9660000-0x00000241C9688000-memory.dmp

Filesize
160KB

Download
memory/4956-439-0x00000241C95E0000-0x00000241C95EA000-memory.dmp

Filesize
40KB

Download
memory/4956-438-0x00000241C9620000-0x00000241C9654000-memory.dmp

Filesize
208KB

Download
memory/4956-417-0x00000241C94B0000-0x00000241C94B8000-memory.dmp

Filesize
32KB

Download
memory/4956-415-0x00000241C94A0000-0x00000241C94B0000-memory.dmp

Filesize
64KB

Download
memory/5052-13567-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/5504-13441-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/5532-13437-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/5532-13438-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/5532-13434-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/5532-13440-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download
memory/5532-13435-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/5532-13436-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/5532-13439-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/5620-13433-0x0000000000D60000-0x0000000000DB1000-memory.dmp

Filesize
324KB

Download
memory/5724-13428-0x0000000075370000-0x000000007539B000-memory.dmp

Filesize
172KB

Download
memory/5724-13427-0x00000000753A0000-0x00000000754BA000-memory.dmp

Filesize
1.1MB

Download
memory/5724-13430-0x00000000752A0000-0x00000000752B9000-memory.dmp

Filesize
100KB

Download
memory/5724-13426-0x00000000007D0000-0x0000000000BFF000-memory.dmp

Filesize
4.2MB

Download
memory/5724-13429-0x00000000752C0000-0x0000000075366000-memory.dmp

Filesize
664KB

Download
memory/5724-13431-0x0000000075270000-0x0000000075296000-memory.dmp

Filesize
152KB

Download
memory/5724-13432-0x0000000075240000-0x000000007526D000-memory.dmp

Filesize
180KB

Download