727a20a3caeb6ba869ea392ebd7b29496fbc08f019b56ed959e48b903e6e14c6

Analysis

max time kernel
1796s
max time network
1812s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20-11-2024 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Store-ind-10002.exe
Size

181.6MB
MD5

aa6c0f982ef38147d29a062f655c79e8
SHA1

3a7f6c67a3f292b17d047397cc6cae663758fb05
SHA256

727a20a3caeb6ba869ea392ebd7b29496fbc08f019b56ed959e48b903e6e14c6
SHA512

edf363155623e10697021b9d191d921d423026be1f537c47de879e97c76bb6b6644af41cdb87af0f6b3cfe0edb186ab056a0e20737220aed789ebb5dfcd8ddbb
SSDEEP

3145728:NkuGirATd5XXMWrjwCMS3JXJVhfSEx/aJjdsw7KwM8JiWb4URJE00cfAAerKzUOJ:airAj5Hwu3JThfhx/aVzo8AKfAAX/M2X

Score

10^/10

adware discovery evasion execution persistence privilege_escalation stealer trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	LockScreenMain.exe

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\lrtp.sys	LISFProt.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6533163f-1cb3-41b9-895f-ccc202f6e23d}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\ = "LeASUninstallBHO Class"	regsvr32.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\NoInternetExplorer = "1"	regsvr32.exe

Checks computer location settings 2 TTPs 15 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASPac.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LenovoAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LenovoAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASHive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeAppOM.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	lsfinstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASPac.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LenovoAppStoreInstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LISFInstall.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LenovoAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LenovoAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	Store-ind-10002.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASPac.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASPac.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	LeASLane.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F	LockScreenMain.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FA0A17BC17FF10008872A7205D0D43E2_608DEF97DFACECDA8E97C6F270153A4F	LockScreenMain.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8F8712BCE78D28F9C5E3E950CD93EADA_1F65CC854B95CA389DCD578176C8852C	LockScreenMain.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8F8712BCE78D28F9C5E3E950CD93EADA_1F65CC854B95CA389DCD578176C8852C	LockScreenMain.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\media\default.4cd9672d.svg	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\AppStore\LeAppStoreExtWallpaperPkg64.msix	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\ludpx64.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LeAppStoreTray.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LeASWallpaperPlay.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\css\main.c4ba66de.chunk.css	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\favicon.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\sentry_x64.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\amache\AmcacheParser.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\LenovoAppStoreWallpaper.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\locales\en-US.pak	Store-ind-10002.exe
File created	C:\Program Files (x86)\Common Files\LenovoAppStoreNotify\LenovoAppStoreWallpaper.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LeASWallpaperPlay.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\amache\AmcacheParser.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\AppStore\LeAppStoreExtPkg64.msix	Store-ind-10002.exe
File created	C:\Program Files (x86)\Common Files\LenovoAS\LeASLane.exe	LenovoAppStoreInstall.exe
File created	C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFService.exe	LISFInstall.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\plugins\AppStorePlugin.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\favicon.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\chrome_100_percent.pak	Store-ind-10002.exe
File created	C:\Program Files (x86)\Common Files\LeASOpen\libcrypto-3-x64.dll	LenovoAppStoreInstall.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\AppStore\LeASPinTile64.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\media\iconfont.5aa53198.ttf	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\SogouExe.exe.png	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\snapshot_blob.bin	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\swiftshader\libGLESv2.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\chrome_200_percent.pak	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LsfSdk.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\libAppUpdate.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\icudtl.dat	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\plugins\RefreshIconConfig.dat	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\swiftshader\libGLESv2.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\plugins\lsp.dat	LenovoAppStore.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\plugins\AppStorePlugin.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\css\2.9c2742e0.chunk.css	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LeASDyTile.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\lenovomt.dat	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LeASLane.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\Lsf\Lsf.ico	lsfinstall.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\store_logo_min.svg	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\open_comp.html	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\InstRes	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\Modules\LockScreen\userdefined.zip	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\LenovoAppStoreUninstall.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\media\iconfont.5db424e0.woff2	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LeASMiniGame.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LeASRiff.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\lrtp.sys	LISFInstall.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenAssist.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\media\iconfont.5aa53198.ttf	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LockScreen.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\store\dist\static\media\menu_tansuo_h.220beca9.svg	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\libcurl64.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\libEGL.dll	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LISF.dll	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\icudtl.dat	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\config\WallpaperCarousel.xml	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\skin\res\LenovoAppStore.ico	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe	Store-ind-10002.exe
File opened for modification	C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStoreInstall.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LeASMiniGame.exe	Store-ind-10002.exe
File created	C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe	Store-ind-10002.exe

Executes dropped EXE 34 IoCs

pid	Process
2484	LeASPac.exe
752	lsfinstall.exe
4388	Lsf.exe
3572	Lsf.exe
4848	LenovoServiceAS.exe
3084	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
2104	LeASPac.exe
4592	LockScreenMain.exe
1816	LeASPac.exe
1712	LenovoAppStoreInstall.exe
1656	LockScreenAssist.exe
1456	LeASLane.exe
4948	LISFInstall.exe
2384	LISFService.exe
476	LenovoInternetSoftwareFramework.exe
4376	LISFProt.exe
2088	LISFProt.exe
4668	LenovoInternetSoftwareFramework.exe
3608	LenovoAppStore.exe
1696	crashpad_handler.exe
324	LenovoAppStore.exe
2624	LenovoAppStore.exe
3852	LenovoAppStore.exe
3980	LenovoAppStore.exe
1152	LenovoAppStore.exe
2044	LenovoAppStore.exe
3488	LeASHive.exe
5396	crashpad_handler.exe
5480	AmcacheParser.exe
5956	LeAppOM.exe
3076	LeAppStoreTray.exe
2052	LockScreenMain.exe
2848	LeASPac.exe

Loads dropped DLL 64 IoCs

pid	Process
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
2484	LeASPac.exe
2484	LeASPac.exe
2484	LeASPac.exe
2484	LeASPac.exe
752	lsfinstall.exe
2104	LeASPac.exe
2104	LeASPac.exe
2104	LeASPac.exe
4592	LockScreenMain.exe
4592	LockScreenMain.exe
4592	LockScreenMain.exe
4592	LockScreenMain.exe
1816	LeASPac.exe
1816	LeASPac.exe
1816	LeASPac.exe
1712	LenovoAppStoreInstall.exe
1656	LockScreenAssist.exe
1712	LenovoAppStoreInstall.exe
1456	LeASLane.exe
1456	LeASLane.exe
1456	LeASLane.exe
1456	LeASLane.exe
4948	LISFInstall.exe
2384	LISFService.exe
476	LenovoInternetSoftwareFramework.exe
476	LenovoInternetSoftwareFramework.exe
476	LenovoInternetSoftwareFramework.exe
4376	LISFProt.exe
2088	LISFProt.exe
4668	LenovoInternetSoftwareFramework.exe
916	regsvr32.exe
324	regsvr32.exe
3608	LenovoAppStore.exe
3608	LenovoAppStore.exe
3608	LenovoAppStore.exe
3608	LenovoAppStore.exe
3608	LenovoAppStore.exe
3608	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
324	LenovoAppStore.exe
2624	LenovoAppStore.exe
3852	LenovoAppStore.exe
3980	LenovoAppStore.exe
3980	LenovoAppStore.exe
3980	LenovoAppStore.exe
2624	LenovoAppStore.exe
2624	LenovoAppStore.exe
3852	LenovoAppStore.exe
3852	LenovoAppStore.exe
1152	LenovoAppStore.exe
1152	LenovoAppStore.exe
1152	LenovoAppStore.exe
3608	LenovoAppStore.exe
2044	LenovoAppStore.exe
2044	LenovoAppStore.exe
2044	LenovoAppStore.exe
3608	LenovoAppStore.exe

Modifies system executable filetype association 2 TTPs 2 IoCs

persistence

Modify Registry

T1112

Change Default File Association

T1546.001

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\AppStoreExtEx	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\AppStoreExtEx\ = "{6356F8FF-EE89-4956-BF94-BBD64ED8FF4B}"	regsvr32.exe

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	LockScreenMain.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	LockScreenMain.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3852	powershell.exe
5128	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 40 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lsf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lsf.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LeASLane.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LISFProt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LISFProt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LISFInstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	lsfinstall.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LenovoInternetSoftwareFramework.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LISFService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LenovoInternetSoftwareFramework.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chcp.com

Checks processor information in registry 2 TTPs 38 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	Store-ind-10002.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASHive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LockScreenMain.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASLane.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LenovoAppStore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LenovoAppStore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeAppOM.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LockScreenMain.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASPac.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeAppOM.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LenovoAppStoreInstall.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeAppOM.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LenovoAppStoreInstall.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASLane.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LenovoAppStore.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LeASPac.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASLane.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	LeAppOM.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Store-ind-10002.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASPac.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASPac.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LenovoAppStore.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LockScreenMain.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Store-ind-10002.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASPac.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LenovoAppStoreInstall.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LenovoAppStore.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeASHive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	LeASHive.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	LenovoAppStore.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LeAppOM.exe

Modifies data under HKEY_USERS 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	LISFService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	LockScreenMain.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	LISFService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	LISFService.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	LISFService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	LockScreenMain.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	LockScreenMain.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	LISFService.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	LISFService.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	LockScreenMain.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\DefaultIcon	Store-ind-10002.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8044D9CB-FE47-4BD3-B8F3-5BA1957555AA}\1.0\ = "LeASPacLib"	LeASPac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LenovoServiceAS.Conn.1	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{271ac8af-04da-4aaa-a740-302d9bb58116}\ = "PacWorker class"	LeASPac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{D0B9F4EA-715B-4771-A900-55885FB3234C}	LeASPac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84B1F75C-1148-448E-8FD8-4091B70A38B3}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{271ac8af-04da-4aaa-a740-302d9bb58116}\Version\ = "1.0"	LeASPac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,13"	LenovoAppStoreInstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\TypeLib	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.zip\DefaultIcon\ = "%SystemRoot%\\system32\\zipfldr.dll"	Store-ind-10002.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\ProgID	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\AppID = "{cd7282b0-253a-444b-af0b-044ec5fcc42c}"	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\Version	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{271ac8af-04da-4aaa-a740-302d9bb58116}\LocalServer32\ = "\"C:\\Program Files (x86)\\Lenovo\\LeAppStore\\LeASPac.exe\""	LeASPac.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{cd7282b0-253a-444b-af0b-044ec5fcc42c}	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\leashop\ = "URL:LenovoAppStoreNotify Protocol"	Store-ind-10002.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8044D9CB-FE47-4BD3-B8F3-5BA1957555AA}\1.0\FLAGS	LeASPac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{37315A00-40DF-4A46-BDE3-4CA0506D9339}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	LeASPac.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\Programmable	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\Version\ = "1.0"	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Unknown\shell\LeASOpen\command	LenovoAppStoreInstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6533163f-1cb3-41b9-895f-ccc202f6e23d}\ = "LeASUninstallBHO class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B47D7A7D-3511-4149-A772-578BFCBF261C}\1.0\0\win64	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\Version	LenovoServiceAS.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\VersionIndependentProgID	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppStorShlExtEx.AppStorShlExtEx	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F3E3098-C56D-47BE-8740-9C50890B272E}\ProxyStubClsid32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeAS.PacWorker\CurVer\ = "LeAS.PacWorker.1"	LeASPac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D0B9F4EA-715B-4771-A900-55885FB3234C}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	LeASPac.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppStorShlExtEx.AppStorShlExtEx\ = "AppStorShlExtEx Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B47D7A7D-3511-4149-A772-578BFCBF261C}\1.0\0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{6F3E3098-C56D-47BE-8740-9C50890B272E}\ = "ILeASUninstallBHO"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{CD7282B0-253A-444B-AF0B-044EC5FCC42C}\1.0\FLAGS	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LenovoServiceAS.Conn\CurVer\ = "LenovoServiceAS.Conn.1"	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.zip\DefaultIcon\ = "%SystemRoot%\\system32\\zipfldr.dll"	LenovoAppStoreInstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4BB0F777-17E1-4FDF-A60C-153DB9B88A20}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4BB0F777-17E1-4FDF-A60C-153DB9B88A20}\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.zip\DefaultIcon	Store-ind-10002.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{CD7282B0-253A-444B-AF0B-044EC5FCC42C}\1.0	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LenovoServiceAS.Conn\ = "LeASConn class"	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\shell\open\command\ = "C:\\Program Files (x86)\\Common Files\\LeASOpen\\LeASOpen.exe \"%1\" filetype_true"	LenovoAppStoreInstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6356F8FF-EE89-4956-BF94-BBD64ED8FF4B}\ = "CAppStoreShlExtEx Class"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F3E3098-C56D-47BE-8740-9C50890B272E}\ProxyStubClsid32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.zip\shell	Store-ind-10002.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{CD7282B0-253A-444B-AF0B-044EC5FCC42C}\1.0\0	LenovoServiceAS.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\ = "LeASConn class"	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\Programmable	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\AppStoreExtEx	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B47D7A7D-3511-4149-A772-578BFCBF261C}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{6F3E3098-C56D-47BE-8740-9C50890B272E}\TypeLib\ = "{B47D7A7D-3511-4149-A772-578BFCBF261C}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\shell\open	Store-ind-10002.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LenovoServiceAS.Conn\CurVer	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\ProgID	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Unknown\shell	LenovoAppStoreInstall.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{84B1F75C-1148-448E-8FD8-4091B70A38B3}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\Lenovo\\LeAppStore\\AppStore"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\DefaultIcon\ = "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe,13"	Store-ind-10002.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen.pdf\shell\open\command\ = "C:\\Program Files (x86)\\Common Files\\LeASOpen\\LeASOpen.exe \"%1\" filetype_true"	Store-ind-10002.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f4583ea-ff1f-43d3-8e80-dae9b3d86fe7}\ProgID	LenovoServiceAS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\LeASOpen\shell\open\command	LenovoAppStoreInstall.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppStorShlExtEx.AppStorShlExtEx.1\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Unknown\shell\LeASOpen	Store-ind-10002.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{A648A2C2-968B-4E20-AB0E-C4E9D18213A0}\TypeLib\ = "{CD7282B0-253A-444B-AF0B-044EC5FCC42C}"	LenovoServiceAS.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C	LenovoAppStore.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 0400000001000000100000003e455215095192e1b75d379fb187298a0f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b06010505070308530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c99140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b1d00000001000000100000006ee7f3b060d10e90a31ba3471b9992367f000000010000000c000000300a06082b060105050703097a000000010000000c000000300a06082b060105050703097e00000001000000080000000000042beb77d501030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c190000000100000010000000a823b4a20180beb460cab955c24d7e21200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	LenovoAppStore.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob = 5c000000010000000400000000080000190000000100000010000000a823b4a20180beb460cab955c24d7e21030000000100000014000000b1bc968bd4f49d622aa89a81f2150152a41d829c7e00000001000000080000000000042beb77d5017a000000010000000c000000300a06082b060105050703097f000000010000000c000000300a06082b060105050703091d00000001000000100000006ee7f3b060d10e90a31ba3471b999236140000000100000014000000607b661a450d97ca89502f7d04cd34a8fffcfd4b620000000100000020000000ebd41040e4bb3ec742c9e381d31ef2a41a48b6685c96e7cef3c1df6cd4331c990b000000010000003000000047006c006f00620061006c005300690067006e00200052006f006f00740020004300410020002d002000520031000000530000000100000040000000303e301f06092b06010401a032010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000068000000306606082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050508020206082b0601050507030606082b0601050507030706082b0601050507030906082b0601050507030106082b060105050703080f00000001000000140000005a6d07b6371d966a2fb6ba92828ce5512a49513d0400000001000000100000003e455215095192e1b75d379fb187298a200000000100000079030000308203753082025da003020102020b040000000001154b5ac394300d06092a864886f70d01010505003057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f74204341301e170d3938303930313132303030305a170d3238303132383132303030305a3057310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613110300e060355040b1307526f6f74204341311b301906035504031312476c6f62616c5369676e20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100da0ee6998dcea3e34f8a7efbf18b83256bea481ff12ab0b9951104bdf063d1e26766cf1cddcf1b482bee8d898e9aaf298065abe9c72d12cbab1c4c7007a13d0a30cd158d4ff8ddd48c50151cef50eec42ef7fce952f2917de06dd535308e5e4373f241e9d56ae3b2893a5639386f063c88695b2a4dc5a754b86c89cc9bf93ccae5fd89f5123c927896d6dc746e934461d18dc746b2750e86e8198ad56d6cd5781695a2e9c80a38ebf224134f73549313853a1bbc1e34b58b058cb9778bb1db1f2091ab09536e90ce7b3774b97047912251631679aeb1ae412608c8192bd146aa48d6642ad78334ff2c2ac16c19434a0785e7d37cf62168efeaf2529f7f9390cf0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e04160414607b661a450d97ca89502f7d04cd34a8fffcfd4b300d06092a864886f70d01010505000382010100d673e77c4f76d08dbfecbaa2be34c52832b57cfc6c9c2c2bbd099e53bf6b5eaa1148b6e508a3b3ca3d614dd34609b33ec3a0e363551bf2baefad39e143b938a3e62f8a263befa05056f9c60afd38cdc40b705194979804dfc35f94d515c914419cc45d7564150dff5530ec868fff0def2cb96346f6aafcdfbc69fd2e1248649ae095f0a6ef298f01b115b50c1da5fe692c6924781eb3a71c7162eecac897ac175d8ac2f847866e2ac4563195d06789852bf96ca65d469d0caa82e49951dd70b7db563d61e46ae15cd6f6fe3dde41cc07ae6352bf5353f42be9c7fdb6f7825f85d24118db81b3041cc51fa4806f1520c9de0c880a1dd66655e2fc48c9292669e0	LenovoAppStore.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
4928	Store-ind-10002.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
752	lsfinstall.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
4720	LenovoServiceAS.exe
3852	powershell.exe
3852	powershell.exe
3852	powershell.exe
4592	LockScreenMain.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
668	Process not Found
668	Process not Found

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	4720	LenovoServiceAS.exe
Token: SeDebugPrivilege	4720	LenovoServiceAS.exe
Token: SeDebugPrivilege	3852	powershell.exe
Token: SeDebugPrivilege	4592	LockScreenMain.exe
Token: SeBackupPrivilege	1656	LockScreenAssist.exe
Token: SeSecurityPrivilege	1656	LockScreenAssist.exe
Token: SeDebugPrivilege	2384	LISFService.exe
Token: SeDebugPrivilege	2384	LISFService.exe
Token: SeChangeNotifyPrivilege	5956	LeAppOM.exe
Token: SeDebugPrivilege	1952	powershell.exe
Token: SeDebugPrivilege	5128	powershell.exe
Token: SeDebugPrivilege	4720	LenovoServiceAS.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4928	Store-ind-10002.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
752	lsfinstall.exe
752	lsfinstall.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 2484	4928	Store-ind-10002.exe	96
PID 4928 wrote to memory of 2484	4928	Store-ind-10002.exe	96
PID 4928 wrote to memory of 752	4928	Store-ind-10002.exe	97
PID 4928 wrote to memory of 752	4928	Store-ind-10002.exe	97
PID 4928 wrote to memory of 752	4928	Store-ind-10002.exe	97
PID 752 wrote to memory of 5068	752	lsfinstall.exe	98
PID 752 wrote to memory of 5068	752	lsfinstall.exe	98
PID 752 wrote to memory of 5068	752	lsfinstall.exe	98
PID 5068 wrote to memory of 544	5068	cmd.exe	100
PID 5068 wrote to memory of 544	5068	cmd.exe	100
PID 5068 wrote to memory of 544	5068	cmd.exe	100
PID 5068 wrote to memory of 1992	5068	cmd.exe	101
PID 5068 wrote to memory of 1992	5068	cmd.exe	101
PID 5068 wrote to memory of 1992	5068	cmd.exe	101
PID 752 wrote to memory of 4484	752	lsfinstall.exe	102
PID 752 wrote to memory of 4484	752	lsfinstall.exe	102
PID 752 wrote to memory of 4484	752	lsfinstall.exe	102
PID 4484 wrote to memory of 3600	4484	cmd.exe	104
PID 4484 wrote to memory of 3600	4484	cmd.exe	104
PID 4484 wrote to memory of 3600	4484	cmd.exe	104
PID 4484 wrote to memory of 3824	4484	cmd.exe	105
PID 4484 wrote to memory of 3824	4484	cmd.exe	105
PID 4484 wrote to memory of 3824	4484	cmd.exe	105
PID 752 wrote to memory of 2960	752	lsfinstall.exe	106
PID 752 wrote to memory of 2960	752	lsfinstall.exe	106
PID 752 wrote to memory of 2960	752	lsfinstall.exe	106
PID 2960 wrote to memory of 2736	2960	cmd.exe	108
PID 2960 wrote to memory of 2736	2960	cmd.exe	108
PID 2960 wrote to memory of 2736	2960	cmd.exe	108
PID 2960 wrote to memory of 2664	2960	cmd.exe	109
PID 2960 wrote to memory of 2664	2960	cmd.exe	109
PID 2960 wrote to memory of 2664	2960	cmd.exe	109
PID 752 wrote to memory of 880	752	lsfinstall.exe	110
PID 752 wrote to memory of 880	752	lsfinstall.exe	110
PID 752 wrote to memory of 880	752	lsfinstall.exe	110
PID 880 wrote to memory of 464	880	cmd.exe	112
PID 880 wrote to memory of 464	880	cmd.exe	112
PID 880 wrote to memory of 464	880	cmd.exe	112
PID 880 wrote to memory of 776	880	cmd.exe	113
PID 880 wrote to memory of 776	880	cmd.exe	113
PID 880 wrote to memory of 776	880	cmd.exe	113
PID 752 wrote to memory of 3860	752	lsfinstall.exe	114
PID 752 wrote to memory of 3860	752	lsfinstall.exe	114
PID 752 wrote to memory of 3860	752	lsfinstall.exe	114
PID 3860 wrote to memory of 2528	3860	cmd.exe	116
PID 3860 wrote to memory of 2528	3860	cmd.exe	116
PID 3860 wrote to memory of 2528	3860	cmd.exe	116
PID 3860 wrote to memory of 436	3860	cmd.exe	117
PID 3860 wrote to memory of 436	3860	cmd.exe	117
PID 3860 wrote to memory of 436	3860	cmd.exe	117
PID 752 wrote to memory of 4940	752	lsfinstall.exe	118
PID 752 wrote to memory of 4940	752	lsfinstall.exe	118
PID 752 wrote to memory of 4940	752	lsfinstall.exe	118
PID 4940 wrote to memory of 1836	4940	cmd.exe	120
PID 4940 wrote to memory of 1836	4940	cmd.exe	120
PID 4940 wrote to memory of 1836	4940	cmd.exe	120
PID 4940 wrote to memory of 600	4940	cmd.exe	121
PID 4940 wrote to memory of 600	4940	cmd.exe	121
PID 4940 wrote to memory of 600	4940	cmd.exe	121
PID 752 wrote to memory of 948	752	lsfinstall.exe	122
PID 752 wrote to memory of 948	752	lsfinstall.exe	122
PID 752 wrote to memory of 948	752	lsfinstall.exe	122
PID 948 wrote to memory of 3076	948	cmd.exe	124
PID 948 wrote to memory of 3076	948	cmd.exe	124

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System	LockScreenMain.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "1"	LockScreenMain.exe

C:\Users\Admin\AppData\Local\Temp\Store-ind-10002.exe
"C:\Users\Admin\AppData\Local\Temp\Store-ind-10002.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Loads dropped DLL
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe" /RegServer
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  PID:2484
- C:\Program Files (x86)\Lenovo\LeAppStore\InstRes\lsfinstall.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\InstRes\lsfinstall.exe" -s
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:752
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:5068
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:544
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:1992
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4484
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:3600
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 1" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:3824
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2960
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:2736
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 2" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:2664
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:880
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:464
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 3" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:776
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:2528
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 4" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:436
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4940
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:1836
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 5" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:600
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:3076
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 6" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:4236
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3984
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:2804
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 7" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:3328
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1604
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:964
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 8" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:3852
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2496
  - - C:\Windows\SysWOW64\chcp.com
      chcp 437
      4⤵
      System Location Discovery: System Language Discovery
      PID:3452
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /delete /tn "Lenovo LSF Task 9" /F
      4⤵
      System Location Discovery: System Language Discovery
      PID:4860
- - C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe
    "C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4388
- - C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe
    "C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3572
- C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe" /RegServer
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:4848
- C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe" /Service
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:3084
- C:\Windows\SYSTEM32\net.exe
  "net.exe" start LenovoServiceAS
  2⤵
  PID:5036
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 start LenovoServiceAS
    3⤵
    PID:2392
- C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStoreInstall.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStoreInstall.exe" -c independent
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies registry class
  PID:1712
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile "Export-StartLayout -Path 'C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\check'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3852
- - C:\Program Files (x86)\Common Files\LenovoAS\LeASLane.exe
    "C:\Program Files (x86)\Common Files\LenovoAS\LeASLane.exe" -subscribe
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks processor information in registry
    PID:1456
  - - C:\Users\Admin\AppData\Local\Temp\LISF_F5413.tmp\LISFInstall.exe
      "C:\Users\Admin\AppData\Local\Temp\LISF_F5413.tmp\LISFInstall.exe"
      4⤵
      Checks computer location settings
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4948
    - - C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenovoInternetSoftwareFramework.exe
        
        "C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenovoInternetSoftwareFramework.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:476
    - - C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFProt.exe
        
        "C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFProt.exe"
        5⤵
        Drops file in Drivers directory
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4376
- C:\Windows\SYSTEM32\regsvr32.exe
  "regsvr32.exe" /s "C:\Program Files (x86)\Lenovo\LeAppStore\AppStore\AppStoreExt64Ex.dll"
  2⤵
  - Loads dropped DLL
  - Modifies system executable filetype association
  - Modifies registry class
  PID:916
- C:\Windows\SYSTEM32\regsvr32.exe
  "regsvr32.exe" /s "C:\Program Files (x86)\Lenovo\LeAppStore\AppStore\AppStoreCPLUninstaller64.dll"
  2⤵
  - Installs/modifies Browser Helper Object
  - Loads dropped DLL
  - Modifies registry class
  PID:324
- C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" -c from_setup
  2⤵
  - Checks computer location settings
  - Drops file in Program Files directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  - Modifies system certificate store
  PID:3608
- - C:\Program Files (x86)\Lenovo\LeAppStore\crashpad_handler.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\crashpad_handler.exe" --no-rate-limit --database=C:\ProgramData\Lenovo\LeAppStore\dump\LenovoAppStore\ --metrics-dir=C:\ProgramData\Lenovo\LeAppStore\dump\LenovoAppStore\ --url=https://sentry-lb.lenovo.com.cn:443/api/37/minidump/?sentry_client=sentry.native/0.4.15&sentry_key=acc0257fbb344342835d55559936acb2 --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LenovoAppStore\ac0baa49-4247-4e52-c70e-e98841540a1a.run\__sentry-event --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LenovoAppStore\ac0baa49-4247-4e52-c70e-e98841540a1a.run\__sentry-breadcrumb1 --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LenovoAppStore\ac0baa49-4247-4e52-c70e-e98841540a1a.run\__sentry-breadcrumb2 --initial-client-data=0x3d4,0x3d8,0x3dc,0x3b0,0x3e0,0x7ffc25a828b8,0x7ffc25a828d8,0x7ffc25a828f0
    3⤵
    - Executes dropped EXE
    PID:1696
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=gpu-process --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --lang=zh-CN --gpu-preferences=UAAAAAAAAADgACAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --mojo-platform-channel-handle=2460 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:324
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=renderer --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --lang=zh-CN --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=2940 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3980
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --lang=zh-CN --service-sandbox-type=utility --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --lang=zh-CN --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --mojo-platform-channel-handle=2988 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2624
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --lang=zh-CN --service-sandbox-type=none --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --lang=zh-CN --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --mojo-platform-channel-handle=3004 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:3852
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=renderer --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --lang=zh-CN --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3992 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1152
- - C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LenovoAppStore.exe" --type=renderer --no-sandbox --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --field-trial-handle=2476,699211288475247233,13445877165289944944,131072 --disable-features=CalculateNativeWinOcclusion --lang=zh-CN --log-file="C:\Program Files (x86)\Lenovo\LeAppStore\debug.log" --log-severity=disable --user-agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36&PCStore" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4108 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks processor information in registry
    PID:2044
- - C:\Program Files (x86)\Lenovo\LeAppStore\LeASHive.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LeASHive.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    PID:3488
  - - C:\Program Files (x86)\Lenovo\LeAppStore\crashpad_handler.exe
      "C:\Program Files (x86)\Lenovo\LeAppStore\crashpad_handler.exe" --no-rate-limit --database=C:\ProgramData\Lenovo\LeAppStore\dump\LeAsHive\ --metrics-dir=C:\ProgramData\Lenovo\LeAppStore\dump\LeAsHive\ --url=https://sentry-lb.lenovo.com.cn:443/api/40/minidump/?sentry_client=sentry.native/0.4.15&sentry_key=15c7191d02664891ac3f34c601d4998e --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LeAsHive\f4d6d6d5-531f-45ab-aa9b-2778482f3732.run\__sentry-event --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LeAsHive\f4d6d6d5-531f-45ab-aa9b-2778482f3732.run\__sentry-breadcrumb1 --attachment=C:\ProgramData\Lenovo\LeAppStore\dump\LeAsHive\f4d6d6d5-531f-45ab-aa9b-2778482f3732.run\__sentry-breadcrumb2 --initial-client-data=0x4d0,0x4d4,0x4d8,0x4ac,0x4dc,0x7ffc25a828b8,0x7ffc25a828d8,0x7ffc25a828f0
      4⤵
      Executes dropped EXE
      PID:5396
- - C:\Program Files (x86)\Lenovo\LeAppStore\amache\AmcacheParser.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\\amache\AmcacheParser.exe"
    3⤵
    - Executes dropped EXE
    PID:5480

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5008

C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe
"C:\Program Files (x86)\Lenovo\LeAppStore\LenovoServiceAS.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4720
- C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe" -timer
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:2104
- - C:\Program Files (x86)\Lenovo\LeAppStore\LeAppOM.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LeAppOM.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    PID:5956
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "powershell.exe" appxpackage -name LeAppStore*
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:1952
- - C:\Program Files (x86)\Lenovo\LeAppStore\LeAppStoreTray.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LeAppStoreTray.exe" -bysrv
    3⤵
    - Executes dropped EXE
    PID:3076
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -NoProfile "Export-StartLayout -Path 'C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\check'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious use of AdjustPrivilegeToken
    PID:5128
- C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenMain.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenMain.exe"
  2⤵
  - UAC bypass
  - Drops file in System32 directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Checks processor information in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - System policy modification
  PID:4592
- - C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenAssist.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenAssist.exe" "6 {"ServiceName":"LenovoServiceAS"}
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1656
- - C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenMain.exe
    "C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenMain.exe" /Resolution
    3⤵
    - Executes dropped EXE
    PID:2052
- C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe" -lockscreen_main 1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks processor information in registry
  PID:1816
- C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe
  "C:\Program Files (x86)\Lenovo\LeAppStore\LeASPac.exe" -timer
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  PID:2848

C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFService.exe
"C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFService.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:2384
- C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFProt.exe
  "C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFProt.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2088
- C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenovoInternetSoftwareFramework.exe
  "C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenovoInternetSoftwareFramework.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Browser Extensions

T1176

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Event Triggered Execution

T1546

Change Default File Association

T1546.001

Component Object Model Hijacking

T1546.015

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Lenovo\LeAppStore\LockScreen.dll

Filesize
2.3MB

MD5
40855adf482e3f453a962b50c50ed20b

SHA1
147aeab10fe3af70745a9fedb8c0db43670fa40c

SHA256
9709bd25e9f4ee1b81cc85227a24cfb3aa1c32f7db3235b6a442894ca300ce93

SHA512
5d46b4d458ea4559dfd5ab268f39b21556edb8fc895863935ee77bcde74c887770e225c754d28bbe9ce39558d6b34a8beab89e0be0f4759c213a143e74e81dfc

Download Submit
C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenAssist.exe

Filesize
1.9MB

MD5
63c0be97e4393f71cda0e4d8a44d3c82

SHA1
e416c7ecd3e3436f865d0bce04bdf96df9839759

SHA256
3f5e0f05c9a2d3c329ed87a81d77da01b46f9c7f60018b36ef7e5fcc97e93604

SHA512
64671a854243c5ebd2ce7c90fae8fb49c872a214d907776a01461bacc0b94e16d89ce30af06fd8c1602ed7871c5bedce7218b7f32e7643b39d11b55fe8e1d190

Download Submit
C:\Program Files (x86)\Lenovo\LeAppStore\LockScreenMain.exe

Filesize
2.1MB

MD5
a596c8bbc3068fad1ae1d8d793e70c44

SHA1
195bbd40e42241112038b37422e166f607ad5625

SHA256
be3103592d0a53f2857aad056f678aa079ddc66c67d68284b80653f4b64363cb

SHA512
9844978b083d276f1d49d24216dcf6b814908833cc496eb4593db63cea7652a0a625224eecfedb7555a19fa4ba4098a91e6f0354c1c1878ba252571e9747d9f9

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFDB.db

Filesize
20KB

MD5
10e16330ed8b758213afc9162705fa48

SHA1
5507eaadfb32aad8d0bf2563025e59d7bb9797fc

SHA256
3dd06d2746872567cb8700da03ad546c443e55dc825ce84dd404743c9eac7e5f

SHA512
3597b2ceda00e53ae59f8105c8c68a74997ae29df9c7dd6c50dcbfeb502988588d135d3f7ff9ba4ca8686ec1f22a2f7fb502b4f08e9296ab80c7490b21cabf12

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFProt.exe

Filesize
101KB

MD5
2f1630a80b8330ddd5fe3dfa36eec400

SHA1
92c14b3a079cc138cd339c75aa9545e5214052aa

SHA256
1586d40bac058df7c41a067e01aeea70c84cd46dcaddef6a364a07fa31f9313d

SHA512
554ccad77834fdf4aae55e6b422c2642b0baa625e4a2e2ff01d5c93cd49fc7e2a89a5d34cef4f40d969e1180c63106429ba794cabf8a78e7afa2ff089820e6da

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LISFService.exe

Filesize
68KB

MD5
5530f41b42a9a3ff50463280bdbea81f

SHA1
4a99bf38f42bee560286641361fa0df79d11a77f

SHA256
8868790d5aa108f05ee21686f106b6d44c88736c56ed57eb4498191e4f50649a

SHA512
8d65cf9f7fc2a741eeeece5424c14daea1554728be37ff3c6f943a8413133ac519b0462a43e3d5e7ddf5a0ffcf33888f5733a0fca8fff9722075651322215b03

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenProtectDrvSDK.dll

Filesize
317KB

MD5
2fb400346ef89653f5110cde65854d65

SHA1
aa11521fe25c6b79cc0ad7638213d0f8dda65719

SHA256
6c686707d3b157c1fc1e514df50a1799f9539905c25eb0f55ae132ca7b4eae05

SHA512
ea11081893aff3cff8a978c2a54f8830f5ac6283917e240d718a1467e0baa6d8e1368798731232edb82985f8c2d9e3785be2fb02ab4fccccae21f7793d591c30

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LenovoInternetSoftwareFramework.exe

Filesize
2.7MB

MD5
b3a7934e0fb1a6d1fa0bb244f7bdd2d2

SHA1
4cae76c9dc9a27c705da823a514ea33c636e4e36

SHA256
5775dd665e4e966bb3ddf3d18e5cadb2665d3160ddf8d72e7dbbb6f822cc9fdc

SHA512
ee9b36ceaecc8489068126602c43aa4216e7268580f7b5059a73c59f9e3e8aa39fcb4e4176e9b9c5ce7a50494fddbbe3a6f342731f71c7d6679af2f178038d09

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\LsfSdk.dll

Filesize
362KB

MD5
430efcae44969de052d1935a87612bbd

SHA1
37c86be572c0741d4de3264a23aaab71d17f3fdf

SHA256
291c2c797ad7f186f7b9487d0da0477ba47cdea913af7aacbde0de9fc850f950

SHA512
8ba84c38ebce6f7b69032745ea14be18c4e51a3d881c0739852609830d06b491d8be340dac9aa5deb3c9a4a05151cbd8893f47d2eec354c9778ad7ab852dc626

Download Submit
C:\Program Files (x86)\Lenovo\LenovoInternetSoftwareFramework\ipc.dll

Filesize
207KB

MD5
1c9fc84711ef4923f4c7581d045ed204

SHA1
188a0b7a30dee0531c773852822b0e8ddaad430a

SHA256
fafc16d32e67c2e0b7207e370e22d0aefa5df0db9d846eeb0062677d458dc044

SHA512
eb17243c09b67be225d4793008dfb3eb71fad0311175c4a4e45827bad86253403a4ecbe7c044e0249e36069089c90044a34ab70d140a5ae726901184a432e5b3

Download Submit
C:\Program Files (x86)\Lenovo\Lsf\Lsf.exe

Filesize
6.3MB

MD5
96e65db486f87bf0366331b956d55f6b

SHA1
203321ae676af2414fc55c600b92c1f4f711b2f6

SHA256
f5a9f1e3b6f7346870435e6d5332bd69c2c37b00e128bdfea396d1dce0b8fac2

SHA512
99868043858006282409bb9b0e880dd1d87ec04549cd958a02076580ba7e3be4297cb90a2edae2a2a31f46d73cb5adc2e9a8ca51f586e3af7c69bd6692fe2b82

Download Submit
C:\Program Files (x86)\Lenovo\Lsf\prompt.dll

Filesize
117KB

MD5
35537a4345b653b493f166ede89aed23

SHA1
8191ba6750e17b48c50838e3a6cf66da5c424e53

SHA256
de33858e3a032937b4a3520341f18474e9d87d2ef4ffde492fd5ec9a93e0b2d8

SHA512
d573a998c32734171d2b71a695bfceee5d32769a5fa47f9a69cbfddd57925149b2d7edfbc5dc519c4ce6d8e78fea1da0109513c0c705497c1604336a876df587

Download Submit
C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\Soft.txt

Filesize
13KB

MD5
cf414862b0c10d4943ef7af434158387

SHA1
51a3d7f5c8f39f3f066b2e525b1caed22ecd0168

SHA256
1d45c11bb58785bc53c220dbb6551b9389a4c8688da78e83135d0182aae88b7c

SHA512
6b42e043e005be34b885402ca78a23fb9f7b1717dbd2a6aa34b2adf1859648083fe9adf242a9a257c066df00357aef1dbadb655e569cf1001ace37b76cb01f9d

Download Submit
C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\check

Filesize
770B

MD5
5a41972f70e75c42666ceb9aa97eec42

SHA1
fffe0f1e8367ba54f7a45db173c3581f15a1c7b2

SHA256
2099d89bf420b393599d84caa41d645014543c204f437248bf1ffd68c8b819b3

SHA512
6d706776a07438e3a54875ad7af126def23168fbec10cdfbf396d56188e6f3edd16276747f8315a035c8e362faa8eac47854a6ac40d7ba7e48280b2e0a18c9e7

Download Submit
C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\dytiled

Filesize
16KB

MD5
095200fc035aaf39e417343164814d4e

SHA1
06ae2c448c8486cfe8a08d1415d74b936cdcbd70

SHA256
94628d743bb58f8577fb185dff09694d26c47f5e5b361a74f14760616e222b80

SHA512
23c28d2880b3779dd7b1070e0d36913329a7743952c2bcb68e53b2fc855467aae6e83baccc51cbd8aa5fb8e01be24a959aeded419b688b8222992f3b7ed72bfa

Download Submit
C:\ProgramData\Lenovo\LeAppStore\LStoreSoftsCache\pacd.d

Filesize
56KB

MD5
553621a422abf3a3e728923886a1b257

SHA1
a79533f035edd19210ff2c8d396c7310500b0366

SHA256
434a50ce3d51bea3e1aebe0f9c2755a278d1504d023c7eb5354aef9b39369644

SHA512
cf935aeb35100041940d611b22d66669baed984bd99ab0817fcbefa2d5739722c244292ebedaca7ef048e1352dc31e16fc504da6c8f72abbbd845dffe92c2d9d

Download Submit
C:\ProgramData\Lenovo\LeAppStore\ico\{63880b41-04fc-4f9b-92c4-4455c255eb8c}.ico

Filesize
609B

MD5
b4dab4c9d75d70f9a5b590807f1f5720

SHA1
88b348fa2a1f8bad003eb00269f901c6a207ed98

SHA256
f297fd2b5d95247d04e058f30bb6bddbef6d6081b6b4412be4c6fb5e32969c5b

SHA512
eff9c570125e82bc1914f50220295caf8492ed7a0e7893d21404317391e79c9859e640150228ccedbfdacd78c29325956122eb42dfcec0aa09f8733cce2317bb

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\AppUplib.txt.logdat

Filesize
587B

MD5
66239d88c82698c6a5576c16ffee2b5c

SHA1
257e3e18c07797abffd95014a22daa330ca1d6eb

SHA256
37d58a4a683c0d073c28d0f2151b4f306ada2c99d86b66c0874d7eaec355e690

SHA512
37da9ac93d88ff98d02625de11009057f7010c27318b708b9328f9014ce5ce586a1080dab0f4df47bb580c1c41699a389c0e168cb9cc86a25d2642fc1549009a

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAppOM.txt.logdat

Filesize
3KB

MD5
764512725fa4b9e60a7490d20d069878

SHA1
179de2e49e0ba12aa5ef246b450af5d2d1bc655d

SHA256
69b772092896b724a08060d2d2acda5fde125acb061ea55b75c57c0ec1d86230

SHA512
0c36ddab9c2bec72a853d80c22fa0898f50387aa92f9e526c03c7b5f5f0781717f61c7791088e50c8468c723705bf7532be178376e2a4bec4868ada00db66a82

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAppOM.txt.logdat

Filesize
4KB

MD5
a88c895abf210a5701d7f3cc85f7510a

SHA1
f6bc250203999117e74faf817709b9888131c0fd

SHA256
0b1af111d4496f9a3040529dca0421e923c88b7d8e90ad5a2ab37c3d68b9f194

SHA512
9742ba0f3f5f0d2d8c7f2772c8aafb463e64ea731b5afdaa50c1404bddad4b0148c36d6ea82251b9a4530e3d8eeb169e553aea6204d04c77a07e143b738fcee3

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAppStore.txt.logdat

Filesize
1KB

MD5
97f0855669a73008635a98aa7b73e147

SHA1
0703516236f1e966ca662ac57fd91b7262c74fce

SHA256
6c34653c0fa4eeab0019e6e82422974d3bffc9cbf62f90da000a12a0798b33eb

SHA512
23692468a8f22711681c8fc8cb7201dea2519a4564e9c1e16346ce18bbaedac25ef0d1d25689aaffe29bd8832c7762c468236b841b2b2c2c18418616774e4d14

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAppStore.txt.logdat

Filesize
4KB

MD5
c2378d0f14cecc9724fc640184040947

SHA1
ae3d3c6ade39098dc00c354d718b12d240d8db33

SHA256
a47af07018508dc7ace519412aba01bce1dd2a2fe182c1b1ec334a89165786e0

SHA512
128205ad5aa5e28990505e579219ae4d5bdaee77f4473546de4097d2ff1416ed0cba0942cfc42d94f1fa9f35a94c2e4dcda4160dbd0747505b6a89ab7a111359

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAsPac_t.txt.logdat

Filesize
1KB

MD5
64905564dafdb81d5cc9ca326059cd16

SHA1
1f53f743a3ece84038b4a9a6c1e911c9773fd77b

SHA256
883d0d798bc2fe717e1fd7b89e7a742fb3dc4b99be8c3e5b51b3d948a4949332

SHA512
044fbe6af4626689c89aeb19b9dc2ded223de1ddb820852d300c19005b1a3bd5c281050efef477976f622d0a977360e0b9787cfbd2c2c70e3469a243983b2bc6

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAsPac_t.txt.logdat

Filesize
3KB

MD5
e240ae3549614da4f1ea5f9da465e1a2

SHA1
f2879630b200fda56546bb53492f9f6549d2e9cf

SHA256
0cd810139eaaa180a53e7b985d13f914bab2bb590bb6304d875f7d81c7c9944a

SHA512
cf2337bf6b5449afd847d4e128c3ceeb8f0b9c8d1faaecda0efff9080424ed381de0038cffef7367ff1458d88942a77ad19990c4cacc1a246203fb797f23fd63

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeAsPac_t.txt.logdat

Filesize
4KB

MD5
9edec742e4a9d7e1f6e8e81142bf0790

SHA1
e87b7865ec166fb8e6eb733d643b75f8e3da5052

SHA256
38b37d2de6cc90ddf85ed4b010ed4b3c60c01e1c9304225011d730218ed0ecd8

SHA512
03655373b2a2356b8eb25f1255e003a815acbd23e649f728c065fa329d17f2f00fef29d0eed0b16fc7f493a1645c302726d45999e5fdb1bd1682945825e538bc

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeStoreInstaller.txt.logdat

Filesize
2KB

MD5
d6f62b3c4e1ce558d22effb03a7167af

SHA1
04b4bab916c21161b932eb48ca29311b89b8bae6

SHA256
68af54cf6bf7d39b75a05c67435971920f001d0bab14a863b6a389b1dd464cbb

SHA512
68a9cb48d2dc9345848cc0a6b6f8b0bf5d5f60fa677055e005511ccf11655f065893ab8432e95b1f6e0fa20f28a83c9930764f20bd933cc5d102687ed41fbfa9

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeStoreInstaller.txt.logdat

Filesize
3KB

MD5
74c64ea039b0a6560f59ecd9f92000a8

SHA1
3f4d8a465e52677948cefbe0e3e70660d126a439

SHA256
3ec24d7f0a664ea4700e57927cf9de89eebb5fb5c8439f1cc2673a4d8441a3ec

SHA512
1a250d43dbb5adb89e563c77bd28d47a267adb6a2e6d5016dbc90cb21de2e3f3c49e9574429d597409c6a8e05f419a4eed4004d062dfbef56cb963aa29b130cd

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LeStoreInstaller.txt.logdat

Filesize
4KB

MD5
18e39ca926caec4fd4c00e603583711e

SHA1
68801dec27734ce505ff45981ad2e30ccf897b31

SHA256
2ff78c75f465e0da24603a43aef78640c63d7175aa0e9d71ae83f2e031cf5050

SHA512
106229785e5bd44ed19a11cfe8758b4e62348f5ff321f763656cb946e98930650da4f7885e48d058630612ca8f204841de3198000dcc62441c0d24d899af3791

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LenovoAppStoreInstall.txt.logdat

Filesize
1KB

MD5
b850b8f2c83684acf6bf3b201dfea2e1

SHA1
ca8c89fd10aad9fe144ecf5069239c7c53a926a8

SHA256
87029918f74b611f254449749cec7bc94f338db67ee4c318033855edec2475cb

SHA512
73510262452bad769915a7f9b5cf678844ca7d9fe934e1209c87e0e5f96d88ce5d734367cba3f7610b090ce82f2b7faea72ee3c6de69896046c85ab301756ec9

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LenovoServiceAS.txt.logdat

Filesize
435B

MD5
8e5d37fdf3c4a4202133864654592f4e

SHA1
724010b8ed4f4946f3a698ecaa2e55fdb240b5e9

SHA256
27ffe9042d8dfcf7047d3a044a6104dfc787e347c34643c47963b994f720cd4c

SHA512
73cba9ac72d011a8b2e9f2e038fcec6121323617b3e51dec0051993a9ee4512f99bff238a804662d6edbcf6d4b2d2fc5fe7dce1aad98af5b345bf4765ff02e45

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LenovoServiceAS.txt.logdat

Filesize
1KB

MD5
4fb49ce3045a94ab16d08e46a30c13a1

SHA1
1ec6cbc12e23b3fcaa3ead2ffb587898b28aa215

SHA256
bfec9065c50ca71618b3cdbdba447e675cd6af8f5f6b3c2eebf32fd98acfe60a

SHA512
7eabe1be80351ebe73275862828f0ae976ac10d7d6981b17b8aee338f709f552bd33685f4b695a0bec4c92ac36da20651a7dc2205f3e122c4102b13c17ce2f87

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\LockScreen.txt.logdat

Filesize
5KB

MD5
2e2f1a965e68fcb3a3835279c6645753

SHA1
c2d6e80c4f238b9b4bb60f4a157f34ede77768f2

SHA256
4810416c901c220617e56a3f4a9c19d14c862baa911d0a4c096d859d544de79e

SHA512
5865ef4666fafe0f39ce8934fe0d9a11aef1dd9af0c504c43accf58f78e94370a1b00233d724d7179e74d495a5ba326b654a6072d364f17c53b4d40e7011d483

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\WS_AppStore.txt.logdat

Filesize
3KB

MD5
e099db3d32bda533c436c9f0c8347e30

SHA1
da64c072bbd723ecf8f2bd44bee67c85922eae3d

SHA256
83d39d707cc316667c9f34679a15365d957ec870ed2393e7e1c3ecdca40d3578

SHA512
b8ce86e9f1040bbccb7389f18b9c1f6a7d00378dc26b53e8e886fe581544298bb76c64a9056c66484a9f95db8a4d9b0513e7684e12ebd618c7c6417a6f133709

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\WS_AppStore.txt.logdat

Filesize
5KB

MD5
72780bc64acd13a2a686733f53b71dfc

SHA1
bae59841228f73f9a5a45f1df74aa324fc5a30b9

SHA256
3fe0dd0a184bf73ecc4efc62e9efceaaebffe9bc107621f4bdb24c701a47521a

SHA512
6df4136338a8ddc8818a2115bd537546c9e0c5de497549c41ead8b194c03d19050669a58752929540a093fe8b335082efb26623c7c3bf74206f99924c0a9ae6f

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\WS_AppStore_plain.txt.logdat

Filesize
3KB

MD5
f89c19b27b444190af2713a9d5bcacd2

SHA1
3d304dc64309d0410db9b3fb3c6b4051c82f4b78

SHA256
420673d8b034ae5300ffc53e0a382a72542062003260d9a30a316a1ae422702d

SHA512
dc442a936366c5473d93c319fa55aa6894b82d3b9823c1a64a8691ef5d8bc61fc1415352145aee129ddfd56e1951ee10e7c54b6bd5d61d560a4af1b3a480339f

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\WS_AppStore_plain.txt.logdat

Filesize
6KB

MD5
b52e57c7390ff60f483aaf453933f10e

SHA1
a4d2c89c147e4bc9bda41809ad5ccdae8ccbce43

SHA256
4592a013ee6284c992f918772d22608368d922997571cad6fa5ca5d1021a7516

SHA512
c6e34c7dbc5979b79cbe5b2c6de2336ca25fdb3be3038aa3ba272bbf779394194b05fb04282683412c1b7f9b5770bde2e4e7c8de88eeb098c68580686a6e97a3

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\v3_appstore.txt.logdat

Filesize
1KB

MD5
a235d81e04fd81dcea562af7137af6ce

SHA1
588027699b0a56813f5de3bfe19f1753117f3edc

SHA256
c88638a41bf95ed1ba861fa69eb9111bfff214a4afaf260c1d01400ffb65687d

SHA512
2d5abeb224f6728bc786d0eb91bbbaf0365bd90653566aef69253f3381fe0078192acf694466b5c779229ebba4c933cf42a6cc76ec3c1041219ca2b609c63fd5

Download Submit
C:\ProgramData\Lenovo\LeAppStore\logs\v3_appstore.txt.logdat

Filesize
6KB

MD5
3c6586bca8168541e2294c3b89cfe34d

SHA1
b63145a1e82a2715d231f25ca5b2f79635000b64

SHA256
8038ffce93c53aa222eb0147fd4e3d40cc677d5bbc6edb67423b4dece5c31f69

SHA512
dd6a1619202c717b4b8eec4288e1a9a1b9fba303d1e1f1b1828927e6b8b43838a4daf3580564bc06fe2884fdc37cbf57e707cae2680827e4ffc319b1ddfeb661

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\DisplayIcons\leaspac.exe.png

Filesize
1KB

MD5
d6de4fc74e978b577b24bc3d7fffab68

SHA1
38d6e5fc3c4feb4324a40c2a840f9821615297af

SHA256
efbdf859a71bfe3a115d2b42d0c1d44b9818d570f39e0df5fef8567cb25180d3

SHA512
7eca76aa02cf97b93e355cdff9568ec1a22e53c6f35d3c58bd3b5f6f74fd114e1592cccda7b056c182c4ee07a10a5071daadff0adee3105684ecc6e64a5e4629

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2cf276fea0e48ca5ccbeb63aa1e22c4a

SHA1
7dacd90f97027806065c74cb32cb92103c66aefb

SHA256
75518275cbf6d234c7f13e4840571c2d0cbb015fdef745238f5bd50970ddf031

SHA512
cfd0d41448a3fc269b38dfc6b8f9cbdc13260d4461ca73ef9b54a10556c4c746f105a33959b3a586e158a33a3821319c2cbca854ef7e3e72ce1cec169d4c3a75

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Code Cache\js\index-dir\the-real-index~RFe591ddf.TMP

Filesize
48B

MD5
0b6699fdb6758dd44ec674e4523aff83

SHA1
0ba9c16ea961e7b6120378a49cb579511f7da902

SHA256
d91537b3e33f101be47b0d42dd48c3fd1be5335b0f0dfc63e859932003ecec07

SHA512
e3180e425fd1a5b76727b340946919e8f04223f1c9686905f35159f1f4613b2e85805d93804db13d829006069f4afc027afe0884d293fa0431149996eed6c277

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Network Persistent State

Filesize
389B

MD5
483a1a12234783b9f99cfa9bb3fc59b8

SHA1
e9161d86c3acee938a4682b3d2db15f0c367834a

SHA256
1e629318398755b8df06e8c5e75dfe177c5720f8bb661447bbabd1e9aa633c99

SHA512
f97910eb715d83b1826d28dbbe6cf92085d84e3cb368a2f9ca4722a697877e27691fc3f6b2a80a9dd5b73de5128532b359a3c733731876843e75cf4c56fa010f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Network Persistent State

Filesize
299B

MD5
d39f0f996271b241a31c204133362a93

SHA1
eebeee4098f6e51a63943ac464cbd5d976e73fa9

SHA256
9d60260a34231f0b830a4a0c6b47b9673c691c122e07a95e20a0a17b3c90961b

SHA512
d282f0ef16f003e6d22270b6cd88354d0534768db244d487c955f39cd176eca6ad91df89714a408c749e2b619eb326848b51af1b9a40d4cd3ac25536d97c5a71

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Network Persistent State~RFe59a05d.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\TransportSecurity

Filesize
203B

MD5
645b2dc3544c639363d6747786050ca5

SHA1
e24a31c8f5bb7d7b926e3f61c8ea8ad916112d33

SHA256
f150d3944f328216571c8ab63fb238e7e4222ec437b96c094619aafdf758d13c

SHA512
77ee50dec9cfeb33d96e7066f3e7a3d5c895d3c9208be2b5d450036882582f1afdc0252aaeaa2e6dbb2946a90c3a5000304f7c876def532c8cf921c2559a961b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore\storecache\TransportSecurity~RFe5a32f8.TMP

Filesize
203B

MD5
1dc5a4eec559f9a835dc140dbcbae9d2

SHA1
ff94f3e3cc380f7645f6f1e97ffcc8e461264a60

SHA256
161b8c209a583f8b9af8f9d7273c327b3e87ff285a3d541a7675764660ac9865

SHA512
936599a65d6aec1b7df94da2d313dd56483088812ed0872d47433643555da40ddcfd6d21e7d55682509efb973f35766b5e87a0a0f9f781b886478addda7a9564

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\AppStoreCPLUninstaller64.dll

Filesize
1.4MB

MD5
b1882f4d10dcb723b146648e4f65ea8e

SHA1
42a681af5d2af5e65ccccc54cc2ee0cab0ca753f

SHA256
f16f42b330ec1d7d1618790d1c84a2b1c5f67ef09e2bdb868f460cc8f75aa805

SHA512
f6a163cb1316fdebcb9b3d6de06f69cf7e575837b849fb9f919c9d2fe8af56dff59e705e2f7cfe0ed7bf123cdf9b2176824b476d497d9f93c8b98ceccc966603

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\AppStoreExt64Ex.dll

Filesize
1.3MB

MD5
b8d534341eaa5c11344e32830872baf0

SHA1
a98ddb690d58b4a70dd4ca3a3de21224781fe23e

SHA256
328d832c468d3afc80093be2087ac2128db866cb919b7bca6f1f912a31012d64

SHA512
4c99ad549fe9ebb94f60a80d351b7e9d11a73bd2ce6bac455f817be1030ae8283e2dc36ebbf513a48dfaf282bb83546079189bfe7b868c8d437e7eefb73d6593

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LeASOpen.exe

Filesize
2.5MB

MD5
6bf6bd871c00455abb59f56c8c076e7a

SHA1
a3569e7bbb91a26b8b504edaef378b6905c2efd9

SHA256
81aef8f0144f432a8c788bde8b3338790100aec2b32784c63f39d1f745a3b688

SHA512
d4311693b89edbf4c0771727d00eb9779ae8072f33b335d8f616afe401cb46dabce4ac28bd930cfdd92d7b961053eeee5f9d11d122aea7a322b29ac64b18b7dd

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LeASPinTile64.exe

Filesize
528KB

MD5
7a28163dea387c9516672f46b1b9e10a

SHA1
6ecb1670de04d3165116f4bc0d85161f8659eedc

SHA256
ac2945051b7e56b00843fd58b232841e4565e3936dd6a934955075e42d5287bd

SHA512
cdb2b42e750732ca28159a13d5e57fb41b839d7fd164f1805d9c76dc5964c21013c56e0574d01094ba27ed86c5334a94aeafb7bae5d71364dfe50e44bbaa9233

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LeAppStoreExt64.dll

Filesize
1.4MB

MD5
e157ce69911d6622c517575616c0cbc7

SHA1
a7c0c6198912fba5982bebacb5652bdbead8a6d5

SHA256
0d74476a65742c5f92d6d885d52bfe3eb3120ae3b671d0c949253b72d10c34d3

SHA512
805f41a83f094aacab7c3b8430bf76a1a53816a4dd946727726e749b8def5fb310a5dae0f3a820950137b535b6626de956afc4fa2b85aa1ad53dcb7c0cb86047

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LeAppStoreExtInstaller.exe

Filesize
20KB

MD5
55cf48b213a720c07b2aede15ecbf7e7

SHA1
e237a59df5109cb2bf207708f360d587f5978874

SHA256
e55e8dc10b444662ef918f4f26cd3160d080c8ce93d889778a95f52ff9a034bf

SHA512
0eed93020c3337b1039d2e15308c3717a674fa0da4b854a1fb09157f1889f7e0776b341232acf4eb732ca10ddacc9117c0b59574e470f3854c384debe226df82

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LeAppStoreExtPkg64.msix

Filesize
365KB

MD5
eff0f00a2b7d8144ec3b084c4b91e20d

SHA1
e6bf98e744eb215e71f74f3f7345e3461f6e5e33

SHA256
642103728ec8ec16865e82742353991bf10f5039b112e92753eb28ec2c0d750a

SHA512
198bbbcf2eb1fb04b00b9b8e9a78d30ea023e6d3160d9ad679c60fe14a230ebd568b3dbdf25a29cb1d67e19476664769686f107809cd42cc6954b17835f5fdfc

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\LenovoAppStoreNotify.exe

Filesize
5.0MB

MD5
5c2e2a254d61cea8f2f03c82a490c09f

SHA1
3ac64cba004ec6a89a95b08ea8f7bab954b5aadd

SHA256
328da4fcf9b492a4302b38e0802228a4dfae143c9d6b3f76d257cd50967dc0cb

SHA512
2c7381f60b3bc9d5e074ce7b48c0240505e3cbfda7debd4d5b94f709902152d8d5cd7f049bd0b2a11c509f92693ecb143d5843bae79f7bfa60983aeedc098bb1

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\PinToStartMenu64.dll

Filesize
451KB

MD5
f0b41b04f3ec3c816e5649dab2e62bb2

SHA1
f987d45abf68a4b32829129ae5d83fa046a860d2

SHA256
d957cd48cd7e116eefb684eabd81fb095a89e3366e05d8e5980ab06e551572f4

SHA512
3ba23850db6495aaefd310ce0f72ec1eafe8dfbd59284154e1679909489bbd86f91df499bd44e32d7527bf9048dfd6ab3c882f60d8f6cb3e97e94e244a25a202

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\AppStore\libcrypto-3-x64.dll

Filesize
5.7MB

MD5
cf27f766efdf962244c377f25ef8cd1c

SHA1
ff4d402a170c84e3128e34b9028e46a8d1294259

SHA256
d0f3d971a75369cd8a09e1019870df4832d4088bcfa5a2a360f1477a77be4938

SHA512
7d9a66ed7c04f35a63eda4a6148053563862e161271bfacf2aa626b6173cf2aa8ad28a70d72d9806cd7a9413795bac9f4f57f5d38d37cdc2cd0c4c634e1be1ea

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\InstRes\lsfinstall.exe

Filesize
5.6MB

MD5
00c8bc12af9ccd90c63c809a1c7ad079

SHA1
bc2c1739ee7aaf26bfaa972035b2084fc49af63f

SHA256
9fb62c5dd73ce7c66b6a17b2dce09fdf2aa364bb6b68b48782fac64d5818f0d2

SHA512
c9789e9d20e36b12977e31f45e9b72dd48376d0fa8e7d3c9e4d9faaecb77846d77f7ede502f4f8d95bb1f0cb7901b717ff32eb2f9672d68680bc9ac63b21e753

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\InstUtil.dll

Filesize
1.8MB

MD5
d83c5f45b9f9bfc3f6c75ec929907463

SHA1
483501033f35c91191687697e521bebdb6f56569

SHA256
e09e7544f94954f90f56ca30806e893dc2524c2b9e6213310fc782821a8b8564

SHA512
9e096e4943ae67ef856ca48471822bd6c9f6a017267386c982d703b060f65b880d9788d4d4ff3ae45ab2a14012047af13bd9ebc2e48075af8c5b51c41c240817

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LISF.dll

Filesize
4.2MB

MD5
9e9bc2f0c83af9db9450fbe2bb3f67b7

SHA1
83ef735346e4577a18964ce7986acd029cf00f15

SHA256
6a6b0512f6e7b3dc9e8dbf3870f03d16dee421ab4db1b2c76403001be46b0407

SHA512
3cd4956a56fbd9edfae2fed88f6e49b20d295e7b8d04bf34a2dc380c1605925624de26208dd1219c19682752f4bc7face0cf96ac03c6bf9a96975205c361c9e2

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASBubble.exe

Filesize
2.9MB

MD5
73649fe335928cbe80fb44a9f9b2ca60

SHA1
7aa3d355e12b1d8bfd9de825375671182cc3492c

SHA256
1f30370b087da9311273d25a53a56baa13011f4bd13cdfa2a023bb4e02ca862d

SHA512
953ea91bf7ea4e0f80a4aae5b23ac7eb3608d032b41a4e30e6d36e79a6bb5f2686287b0060915a11d873f9f4b7c01504f87c93d8a3022bef04aec50f250540f1

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASCommonWnd.exe

Filesize
2.7MB

MD5
51c3596a537a0dcdef9f87514ecf421a

SHA1
93838e869e66ab4bb23c56a97cfb6781063a6455

SHA256
ac573cba45c0cc32ae6123908f6d3d97f51cd3d5d5995083c75ef67237d0cc35

SHA512
8f27a0d483126ae12940110bde244570aebb6a4cd09d455627f023578d1dd6869aa974654a3d5deffead51f48a7cb9702382ada66b211559d06775449906360e

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASDyTile.exe

Filesize
1.9MB

MD5
b53e9628646fdb1bb1bcca828b1b11bc

SHA1
f42157fb460db443bde1ba490de587a27e00bb91

SHA256
8618f3f609f665367b9d45712d999ad9cb48776f463b8f22f6622d92dced3455

SHA512
f47eca18767e8aad17fa94a716c4301c9ce6eca320b6d1f58ae3f6e7111eabd84924f9a1da270e89a0a592365dcdafda773141605563662b39c0c31395892024

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASHive.exe

Filesize
3.3MB

MD5
92df6284a61a50ee9738baffb5fac9db

SHA1
1ae58a1e89913676ceff455c4fe8284430f2a82b

SHA256
e4879c67c784b6828cd2785f3e181bd2d2862e1a1854c6fb351b7813675da7eb

SHA512
cab590ff8498c31c24bbab75519c79630fbd40f88e85753d4518f1d2e1eff81f4cbcc9c972e5023b83947398841f371955021de48ed2a309f351e0658367561d

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASLane.exe

Filesize
2.3MB

MD5
ef573aa2bae6e9b3943f747aa76ab1b1

SHA1
7e89f887e256ddb7288c085ee0adf2642c306030

SHA256
87de028634baba31dff1fe04b6cb09f25ec338f5a600fac90ef358f4c41d3a14

SHA512
f8250c8a6e7fd0e38cdc9a1feeb0faec564042400f746f8aeb4f2280c5ec1841375c06aba2c386f4cc02b286dffb36e309b30d6c8868000b29f464fee945a52a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASMiniGame.exe

Filesize
1.7MB

MD5
7c42da2a147517f66062fa9d5e0fa907

SHA1
f33d0dddaae831a0c70a9c31518141ec7e6381c7

SHA256
c56dd2f87caaf36c57d8234274bbff04730c61e2e42b212e7fd5bcf669ea3634

SHA512
40182e1b1f9148fd9e321660b87ff984f9e720951b4dd2548d1532982d0ff1211d863e45f5dc896b16049cbaee0d09f71738a74f4a163589a273ae747eac5b6e

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASPac.exe

Filesize
3.0MB

MD5
fde06bef2fd382f66e37c7cb0dbff518

SHA1
bb6aef29c24556053103fa3079ebb05869e9af62

SHA256
fb82c85243f4b7605e601382cc5e53905d18221ec7144913fd7681e072bfdc03

SHA512
54c746c39e4a56b4be9dc51127484ff0ef8f1dc3a5c0a89657961db316260b1ebeba7da52ff7d4c0fdd9f6a18a1a761dedec871480b9264c485041ba04cbe970

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASRiff.exe

Filesize
2.1MB

MD5
1f5921969b7b9ce9454571aaae8e7cdc

SHA1
303da172f86e021720caf65a55534658330cf186

SHA256
5cae390276e7e9eb3d7c854055a12b9dba1e1f807417c41806b97320e4825dc7

SHA512
00e76c69e47f189b9aa378c48a1954ad335edacf77b64e40c0b1333fa8eabe680a3f6226e4a0ff7aa5f94623fe33d2b0162bf869e50a985400dc20f4d1e5ed52

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASUnelevated.exe

Filesize
2.1MB

MD5
98d33fd94d0398ed69b437b2d92d9a59

SHA1
a85cfa3ff2f495cc3839c2e55eeee5012d758555

SHA256
174e2f8d5e6d48427034a290fcebd0c8455fa24c0a48db8bed9c74d8fc68303a

SHA512
a30570f64ef73b092cddb1975c3b0a0b1a3431cc803218e4b2312917afb6a8a7b5f852c4b4a2695d41c4643d2ad0e09e5229b9beb6a7ff3657a477f2cb4595ac

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeASWallpaperPlay.exe

Filesize
2.3MB

MD5
712b4495c3aad82104813a75d9b4f744

SHA1
e0016d3fd671bb6cf84a34f275907330137179cf

SHA256
f6873fc1ea02d133e09cefe0769302299737efc72cc064607685d26cfbbc7845

SHA512
63c15a4f7e02ed7069099d066bdcc95c770d499d7f53e3031de1e09a1543cc61c1b317dfaa483caddeec8e82308f3150cdc9c46821eb353f531b9a75b38dc47b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeAppOM.exe

Filesize
3.2MB

MD5
da8a375fa01f90cc952a90bafcccad85

SHA1
9d94319ae7025025d91ab7e4e9770ef6c7622675

SHA256
273f2b72cd3f811b3be6317a116f9031af187ba07dbb73d97756e0c6c1db822d

SHA512
3b7b30ff7bcfbd04e88df81148f8835776c2a6fcce7f1f8ef2184a74ec1781bfa66cf5ee1bbc98ec66c2370bada4971c7c2e08f61ad2fda986348aeae00bd942

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LeAppStoreTray.exe

Filesize
3.8MB

MD5
a34d0b7e06e8c39c1a25d737769a871b

SHA1
dcb1870d1557f1dd52523364c557bd6ec0fbd182

SHA256
6be2dfec1702274eda682bfe94f94b945524fb50025f2e5d64d241c68508ea0b

SHA512
9316935acc333d4aae28e67a0c4695711e628f7f1944a985cc873f1fb10256aee9ce7d356dc906a0901d43a04eb370e731a92180ad464a42dad7f06e8802ea39

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LenovoAppStore.exe

Filesize
8.3MB

MD5
1fcc8dc2200c88f189a0529bb5ed32df

SHA1
852a576d3c3634ae3e2b1da3879087eec134ca39

SHA256
1f740e6b0c52ce95eaf9cca64b3d8dad21c939198d171312351a4e0536f43ad8

SHA512
ee7764e1e16166ca1562583c2d9014b082c0156e03e5302adff42ad2ef7e549d1b32d6b0115423f7d14384e81ab9a558c65651f48a330f9f59b3a18fb61ad88d

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LenovoAppStoreInstall.exe

Filesize
2.2MB

MD5
56fefbcb7280fd7b2dd78ce5a8d7ff7c

SHA1
58df10d882900571ed89662942b0b39ae1b8a4dc

SHA256
19fd847fff79c2fe08579a29b3e3182a8b219748bfde03de2a3d54c7f328c578

SHA512
95afc67f8b7a010b2b2c67a61b72a6dc648d837f0daad6e019613731f5ff925ef386e98a60ccb8248c66c4600f7b6a66efdae4f15bbffcc1d57fd8e1db5ddd1c

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LenovoServiceAS.exe

Filesize
1.9MB

MD5
6a14bbb7dd2be8be9254174c3eeb60ec

SHA1
824d91515e0511c999a278f67c3f17b12546b0cd

SHA256
4051d9f3c1c5fbd22d5a9f264c8316dff3a24019b91b1293517a98af42d3c8e4

SHA512
6059eb95a2d627bd9fcae9892456a89237e6662ead42b57a53708bd1ce5843fec6f6f14b7785a2e677dce0dbbd7fc8e740ad7fe2108554dc35115a914aa524ac

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\LsfSdk.dll

Filesize
453KB

MD5
4faf04aa2bcb3e5033d3c4dc154eeef5

SHA1
3139b3342a8be0a4d4e6656c12db3ff26afc4a36

SHA256
1725442af27c123db2b70093d37eff10d80a1f1a4ecedcb845ae96b2c6e6b095

SHA512
dd1d02aaa197296aa03ac71dc37e7975a79758f7c54ce4a6f60bcb4278c8cbced316f1af556be8157dc0b577a158d46db412e6c3423e7a649c02587d9c06ba83

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\Modules\LockScreen\000.jpg

Filesize
1.3MB

MD5
f42c5e27afe57eb9717894ec5105d09a

SHA1
15caf2e5c0085fa27afdf4c374b09292424e2573

SHA256
5b4337dea2488809ef7561102b272fa5a5a3bb112d52edfc72c4ce47ea12a71c

SHA512
95cf392d38870f20ad3497904f9ff4a8078730d3c28b53e8b14e3c0502e43a9cbac7321b1d20719771ba41f2c5c5a1c10fe887edcd9c7069ec4c17b3f9696e88

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\Modules\LockScreen\001.jpg

Filesize
1.0MB

MD5
5902d4289f9d0569931fa98f2b75bd65

SHA1
1f0f4558d86177d96ca8c2ce46a4101e4bf9e9fc

SHA256
c9ed877c5a02586c621f3ae3ea833ec8cb1ee381f86551635fbc6f2f6258cecf

SHA512
4efbeb3ccea85c39e029551bdc19b858d16a67fd2d0d978d3a5efd258b4b55d877587eba27cc46263a6f7f4161ac6039bec7321376e2fcae76e5fda44f0067e5

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\Modules\LockScreen\002.jpg

Filesize
894KB

MD5
8c48d5ed602b4be702fe52048bb88fe6

SHA1
a2ce1823650663ddcfc4a3cb75246fdd42047c44

SHA256
7dbd4a51e9894d7ce6393cee9ea2db9d89ad9e5b480708c3ae3ad0e82136b348

SHA512
efcacd6247aa18559bb38a4b2a5c0f8388dd57b6f68fd988646fc4a8d2c03dd841d81534b33bd28fbf12f080848eb752319143b796a4fd7e026b3ab9d70ed65e

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\Modules\LockScreen\userdefined.zip

Filesize
2.4MB

MD5
01468d80cf9706150c13c0c2d7f906b1

SHA1
076d852a13075147c317c12f102cf71815d330ff

SHA256
8b44bf2ee5804209437984bbc9cf328678b20048af1fdb8e3fdb664fb13ed8aa

SHA512
bf41bae15df32b2dc0e62094dd11d4d6bc46008baf9465d2b6ff75ecc8f3358ea44ee418d707fc16a3c4e440984f36fb223942848f3142030bebd92bb8913d62

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\StoreUninstaller.exe

Filesize
11.7MB

MD5
720793ec148c7f9756b984a08d699405

SHA1
c9db8dc0706648501944125dc772bdd3c9a67532

SHA256
16e37b2a24201b73b0fd7c8117a8ac4469033f72822b9494f02118314e847341

SHA512
4f126a531bab4b6320b7f17f0e0e81ba0f432bb0a4ff01666df417620179d1cff74346c44274c0b9e14fa0acbaa1a1f6fbd7e3227d273cdd840e70892f4a0c6f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\amache\AmcacheParser.exe

Filesize
4.6MB

MD5
0bb7ced9170e34624c0bcceba60f0201

SHA1
c82b18560d6849a1000bac5906676a89cb58c243

SHA256
3173c15c6b5adbb4f94cd661f7eb00307f5efc3925eddecff68cd061132bb5fb

SHA512
94e1fecb1a0115c98c056da345a702314f0123a751d52a3867d54cace1a0525f5e764a31411ee9534ed1ad22a16a2e5915f77fed92377a52ee57bacd944fff52

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\chrome_100_percent.pak

Filesize
793KB

MD5
9ede15dce91f20d9e41986fae67cab8f

SHA1
ad66729e2651a9720190943330e6ca06b9a9e4be

SHA256
6078a6dcafd346983dbb9e3d792fdb9b3a82eb023a33c9fbe25518f6494873e5

SHA512
00f38279c04bed10129ceddc0a429b9d5630faef6691d776601979148cdaeeeb8747c5b41d8bb01235db90f2f8b1c65888d5419f89f159101964f8745a133c2c

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\chrome_200_percent.pak

Filesize
1.3MB

MD5
d21b1494dc0f44fdac59cb0045b3e89e

SHA1
d1727e0b940cf13676a114ed87343a5258bb6465

SHA256
3976e212767307de6f73b90cff8cd793fc54a7b86e40ae4df45e3c2e7d77344e

SHA512
f1e7aca392b3ce33100dd057243e76f149e07b3a082bb7703c0df55ec3e75642a281d1f0c387e58e82dfc6cb4736d44ac429ac8b7f35b66eb5c9aa6e87421119

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\chrome_elf.dll

Filesize
1.1MB

MD5
f41f380270a2c75e1584b8e79142f5db

SHA1
2c2487cf11045709e874eb0e17bedd1c7cb79249

SHA256
c189171b2c10c44139f19dc12747533470a566599d0b2e49d93ab9392ea38f68

SHA512
c7dd7df0977d3dd1d78bf6999df4232bbdfe490ce00e67580f380c460d86fc71ddace5ffa7c2052f1f5cbb011e09bfaea66b7c261e8efd8b4d4ec79f0eb450a6

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\config\WallpaperCarousel.xml

Filesize
3KB

MD5
146086781748b1be9cea3f7565cd85f9

SHA1
9836a7518351375d28389aa0497dc41f561d3239

SHA256
978ee884dbbbecde46b65fc08d554da4ec8f8d89b0b83bbc56b2b8906892617b

SHA512
23a2e9e51e0e8572639b937b587bb3b15828d6c6f2961ae179425c73a7dbfdcf5a17f918cddd3f5145fc5ce37e0ee923ce9fbe7187357dc81af58b090de9a470

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\config\checksum.xml

Filesize
7KB

MD5
5bca927f30e506270b8ab19155629df4

SHA1
0690fc957b4c922d974747e83f696e74918318b7

SHA256
6c10ba8fd6aabdc7a11aa21c5964aff1c774e4a5ae3a69057fa67ba2534aa257

SHA512
7174192b8ffb4f1152092240634d3ecfbf7c6e7324dbe7c0e7f76b57380df80b0262ea1a1df97a87f2cd24d33f29aabad8ee11738d28e3271a961a73bc9eebdb

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\crashpad_handler.exe

Filesize
866KB

MD5
775221df11f6431ea035bac83c374988

SHA1
193d5d5021822d7e2677332ccc2734d0cf17b265

SHA256
6afadc0490a5406dc401490177e4ba83e2680ef63461c10fd524cf1b0ac666d3

SHA512
2899c2b4e660330dd458f9dec3659c68adb3522da4b4a2728d8e02c3d208c040d7ac44423f4ae15a82f1184b029223a3f74ede4925dfd68b17c5dfd874deed25

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\d3dcompiler_47.dll

Filesize
4.1MB

MD5
6984e209798899984001209a2852f135

SHA1
4e967f9e28c9a497a8f74d9b5eb44d1a70381c7b

SHA256
d393ab0881406009af82e4fe32c845ca8fe2cfadeb0862814e3f430b2c5ead05

SHA512
5643819a3ba62eea35d106ab3a513e1fc81367271461d9395dfa7ac129be7c071ffc5c26e6f87c5c9249c3e43a74d4ce63d52b634eb7743717f6b70dc6e59c9b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\icudtl.dat

Filesize
9.7MB

MD5
1437b26ea2ab24a8ef821dc47976c065

SHA1
6b41e0f12734b5a064d8a7c4ba2fe50f327b551e

SHA256
db22a9e60601d82a4bb855f7a98862b24210142d3b125d581c7274444d8d6b29

SHA512
e5fb944130c51eae286d51395909cc24769fe41df63d27b491fcb665df81eca32b5f0683b57715efc577475a206f5e4657194269c4fbe5338e00294eb15bf48d

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\ipc.dll

Filesize
207KB

MD5
66508cdbd648c28f5286b5ae910e1e60

SHA1
8b1485fbc78c6d683701b3f8b7efb9df4e5c5949

SHA256
631bd4c7bf39b737ed0de5503c41a6709d12a916a8389190df5e9468b031f365

SHA512
f629f60405b997790edb0b35539766ad7e7b5c7c5d1d9e39f056c71ed4782042a373d0ed6a7f5dfd9af81be9636d53615966dc6e402d7e4f6ab2e2d5afabb6d5

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\libAppUpdate.dll

Filesize
1.9MB

MD5
cfd2ddc372913b4978051a445e51abb9

SHA1
a1738fb2143d480acebbdeb362c53a0548ed8dfb

SHA256
b59a0483c12089ca1d6f92ffa462149e2a637f2cf77cc55ec116ddbc838c3054

SHA512
8489a0578c16b0732f5df6e90a6d1017d31974f8e430e2d263e920200fab02772d4856dcd001d201eb135fd751e97e59eeebc31cca912a089cf4810abd55f049

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\libEGL.dll

Filesize
402KB

MD5
01aa3f03df22411086d13efab0dc4367

SHA1
a373b0e3906168cfffd2b13156c03fa43622a52a

SHA256
c40bcb19fb0180981dd8fa56faab339465bf5a14f0505b9a751c1f8b006fb892

SHA512
41bb44e98352cf830875ad605d6a429cf7429cdbe96443b7f34a55403d59297cb94c4e51b7726a3b7636afb6d86d23466878d9019c5c6cf47c883ce7da944d23

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\libGLESv2.dll

Filesize
6.6MB

MD5
e02d7fe8ecca34940bf84f3fcd5b4992

SHA1
80af3508a5b12ffae1dfd7e8d39c89aacaaa158d

SHA256
5d4263209fab114b5f2a7e3b3bab5b896c57ba7b4c1b103bd33884719d66964c

SHA512
a8f1d9bd5c908b64d5616fec5f63040759f454a740c6fd2b6dda9e4106afba9bb593a60f1eba25a5c770fcdc8ca0c7d14704d79265adf3d9c39a4efaec3bad2f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\libcurl64.dll

Filesize
750KB

MD5
94d806d5d23babdd47ec1bb127d90908

SHA1
52a040674ca1bf64fdf2b4637f3d081fc42e6899

SHA256
6d31fc960cf6a8778f426ef59b5fc96706a76eb0675c1a50dcfd87244830283a

SHA512
fa7986d3297877b95bfdc4dd3ef75975a3d811b2da3468f4324778bbcdfdc88bba984ec6a0a1b638e4b1f373a9ac27758b86cc204b99b6abe50bea4c4a6ad5f5

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\libssl-3-x64.dll

Filesize
1.4MB

MD5
acf1ae387d49e77314c843eb2bf6a2c0

SHA1
4988a41609bfc665267b0c9318f0a75429054356

SHA256
5d980c87eb8d04b48713ebaff91e240f6a2cb92e91cebbc6623a72c270cf656f

SHA512
f0212917fe83f44059055c68c92feab0694c464b4baffbaebd6241ea2ef16f0d340d6e3e5468871774a466c6e7ed3723b8570b6e46669ef926f0a2ff982ca43e

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\locales\en-US.pak

Filesize
271KB

MD5
555f85fc64aad8e25db9f2ccd20f7674

SHA1
96e94453229dd0d9ac84c402e15608a58cca937d

SHA256
68687cc279243777fae828abdbe9efe0eaac51aa5abe6957f532b3f2c9dbf860

SHA512
86bc46181da104432ac2487ea3672af0d88b1451587502e905e8899510755bb489c4f07300c1e48b48ee57033636e7369254ed534005394001a2b769cb52fc66

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\locales\zh-CN.pak

Filesize
273KB

MD5
34c252e417f1b67c9bf25c65fe1bba21

SHA1
a866c25544c31823266599c2a546b9955403a9ca

SHA256
0bae3a84be3c4aba5d044721ac66cc0536aa4b779c1c48a5dff4a1e7bb21abba

SHA512
8f9b4128ece18168d0d772fd26a4b5384f14a00ffc89da9c9f55282a14d58a50cb6a242089084c2b55fe28a51ef2de497e09cc739e9162d65b159b7822f42039

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\ludpx64.dll

Filesize
1.6MB

MD5
22b076e9caa3539d2dcd7f56ae5db7e9

SHA1
7612fada3232bae4a2e2cd5709365375d1e5b180

SHA256
213f2e8de8494389b085aeaba455046a599c2e00e5cf01a7f83d5176ab53c83e

SHA512
1330a8a09243d4d226ac37ab70a65e39e3386301a8a814d21f2572dcd67c4a00f331af0fa7b722a1c5597c3a6b16d898be0f9f7e9050bdac1815ce1b8bfea2f2

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\AppStorePlugin.dll

Filesize
418KB

MD5
aee34c295257cb17a4c1b00364ed4b5f

SHA1
d69311cf9723d080c8e19d5d7540e4468b242bf9

SHA256
8c387a876739391b5e37d076188f0e8d0fc522d0967c66dcc2e3d7655094ff90

SHA512
8007d67dce02188c7dcc080dc8eb45ad888a70f35a3c1999472b5022854ea797e98b01fc8f0029624b7f06b4dce502f396526a1136c358e0806632e791d01036

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\DeepUninstaller.dll

Filesize
201KB

MD5
31b524934dae7c6a619f9524119c9275

SHA1
454441d0155719115cff8f27ce57dc9df8240fb9

SHA256
6c0aedee658d3e8028acc64d137faa1af579e803ca21328da2e29e2a41e3837a

SHA512
17c3573c586fca119949db2259d72dc4901a3ee1dce770384e9003cd39eff1a1cc637319b7475d6e8f77c036ec9ed55a35c8af870fb9f6ccb65ea1cb3fffa0d7

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\LeAppTrans.dll

Filesize
3.5MB

MD5
24fe3788499b29128ff66ef636ebaeba

SHA1
31ce6fae78cd4c102da892abb43cdb8790d54d0a

SHA256
37301106adb3429a2b883735d9c205c8799809beabd936c8ca6497c557908f41

SHA512
33e6779aa0a42dbe426d0e47f57fa492c528261dabb4aec2e75ab50cb6a891d53d80a676c731c24087ed3d76b9078648ef7b1a564b045d73d2d9643bea06a3d9

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\RefreshIconConfig.dat

Filesize
1KB

MD5
cc6c56747f199e4aeb18b5a1bca3a9c1

SHA1
0dd240c48c8d6131a73edab0650b7efc1e9e7a39

SHA256
2e0c462cb36820058b3b6fd1608a3f469409fe41297473e50e96a68bf8693744

SHA512
3cf94a85e1df1881a9b5e324d2dd06de58598fca8779ab939790ad73a69681e08d591d80d79a589c1ccb62dac1452bc0ce52866dd17c45b92ccf194debd94a66

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\WSAppStorePlugin.dll

Filesize
7.0MB

MD5
6fcff530a447fa48f74ff23d2fb90035

SHA1
772ec8e5ec95cb098f693ed0a5c1441eb3531c7a

SHA256
795b44c4d0b4771aa5301eb4a8724ced8c0c2a254531bfaaa92e355365160a15

SHA512
eced6e5e9c1ee339c5347462e1032468315a12da43ce649eca7ef687a173300927014072caab3b70e44f0ed68dda3d387523d7e49984c8d019899023422a824d

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\plugins\lsp.dat

Filesize
6.9MB

MD5
c1e3127d492be3c0295caac9edbe4b42

SHA1
2cf53d0b46b82e2d95a3627f420bc9482495246b

SHA256
633dd82b2d299e3201e4b8dd9646b3a1e88583cf1ff04002d8687e360abe19cf

SHA512
c2a744ff8a7b6c55199ac525a18960d124b7e47989ce172462037f36ca57fea4030fa4978a5e29daf73293fa90efc0716d73aeaadb35018c7778785fabb74bf8

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\resources.pak

Filesize
7.0MB

MD5
22920d7c68f17cd8e45c6eef09989ed9

SHA1
d0f63a534947f1f010137cd50d8b1fa9e3d4a11d

SHA256
14fb38ca2fbbc6c0917c2c339ef2b53d882de4322762ecd38052726b1bce7f43

SHA512
cbdceefec70dd0b6ece5a37bb6dbdb76295305f18e5081e9bdedea5fe63ba77f7059b8d38a0d2c865519e44bb69725ae628dbe2f5f1503110de12d93a1b56d8a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\sentry_x64.dll

Filesize
553KB

MD5
edcb6887b42c85fea35da60f22ca575d

SHA1
5495846278898ddb71782a116a6719bec43cc81c

SHA256
0761abf27ac83e7ee73c677113c21449173bec4796ea3ccfdf40d63588bb0f0c

SHA512
5678060e7f09ca341dd4352195b114fa0161c29919d30c4df50388c77099fcb9613210c0042b6e15e4e04d9427e3cd1c7fd9d076f19c75a23cb3b63bc0dbf9fd

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\LenASMiniGame.ico

Filesize
137KB

MD5
e95ef8b128371dc97757163c7496800b

SHA1
a5e5a2c56a63d71c06ac3c6de5e4accfc557ce40

SHA256
09e8a61ffe809d978d929c87d1848c6259c25a7d4a9d26776e018da520c13c8f

SHA512
3682680e5ffc727623430c5efef35afab7b67f4402ca2a366464d9276516185d36f9f69dd6fae36a921566a694c65055c999c5cc05bca48db4befd2345d71dbe

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\LenovoAppStore.ico

Filesize
317KB

MD5
e09a5975bd3cce94ad6b63c0cb66129d

SHA1
da281c05d59d1c5242c06c67ff2eff605e7dd541

SHA256
c791365744eb1c10577bdc6b621d44b8305455a578600a34bf7e216c82f918bb

SHA512
6e8fba83253a60490ea17423a551df606440b58c2e8ca5bc7c0dd159e7516cfd1d4c8752168b17a146b955b092f3388fc744539638298edd1c7da33d3dcce858

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\LenovoAppStoreUninstall.ico

Filesize
326KB

MD5
ad44d3e2c0721cc84d78349682e66373

SHA1
f569d11ef8d935d5306e387005a76c89c0337610

SHA256
fdb27fa5d3271a6601d8eb75727b89092b407f78e7c5620f6d4adeabd5e7fc8a

SHA512
da54557ab0e5959e04477afba6d28056facc827f65b6317aa41828aa45d8de88d4d169fdf7de8b2d807880c2c09128361fa4f609da28e63b77cd9a879bc6c055

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\LenovoAppStoreWallpaper.ico

Filesize
332KB

MD5
20a1477b457d4cd15106d57b2d2f1c27

SHA1
1f93bf2104977277ed1e3d8f9d4a39f3c435d68b

SHA256
fff246b1764b43297e9d9387ea683a1a5d913762d1fa0f9ffad3ea54e7e496f7

SHA512
2d3e21ecaf67b1ea01b20800fc74e2b0535376984cca9603a87e4dbe9d53eae2559383e7e4fe85c9152f6cfa9ed3f4c7a408ae4c319e8bec15b571418465d9d1

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\SogouExe.exe.png

Filesize
1KB

MD5
db0dcba68d6af6dca23c6476e962c84e

SHA1
ba109c38d0f205f24f7c30b2f53540d16bbbfcbf

SHA256
8087adc291cc6ad94b3a8b8efe683f2003ffec4e0b6fa96fb039e8eee6c6b53c

SHA512
0ea11d8a6cdd7216b162828ecd075fcebf96332a5249dd353b301472385e99668e7c949aba1ffa2cb5f88a6461069dcd47a22f66a6e798e838d52875846eae86

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\lenovomt.dat

Filesize
17KB

MD5
e5aac3534164893cfc8fa26c5cb937a7

SHA1
652001e80d2b23c7fdff8646da7bf4fe689a2f6d

SHA256
fff3c860403492ff09b230588bc407aa2af905b34bddea4a6fba18b7c5479d34

SHA512
864abb1bdb3947192be7ab702350f0614f3864f6112ab5405a622186d5cfcc67e7ac6e09468ec460d89ec6434cddd1f7af2351e7add8b4537482f7c991abfd75

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\store_logo.png

Filesize
4KB

MD5
9a6f35359bbd66242a3e50a7bc76c146

SHA1
bf9d952ffe27cf2b4c6e033a849aaf6dbe33789c

SHA256
6a909dec9b24e7d8f1241830d6659bcb4e8014bdc2caef4c2c490b1d56e5560c

SHA512
a83fc3dd640a1fa346b5721737ffed37ee5c133b01d5f154cbe8690902fb5f143169ac78fec76a547ef0b9dc484e2d0660279a2c77c5536b7c47678cd8d92eb8

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\res\store_logo_min.svg

Filesize
1KB

MD5
b346aa82aea606c185a83e7eb8098ee4

SHA1
f687964ce7ee16c157ac11127481475bf35b5a4e

SHA256
964b3f4e67626f60f3df4d08587a7d4ed5a800b99830a56e5979f318def22a7f

SHA512
9ba2701e5840018d427d9544b721663f9eea76331a0c6c5e8a6840321094155f87b6224e012cb07c17cc8673eb4f7553778d9fe36405490e166cb25b588f311d

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\asset-manifest.json

Filesize
1022B

MD5
5b05e677b0c32979dd98c558df283236

SHA1
c65ea538c9d7f6236300d9acb7e99bdf6380955a

SHA256
2e78bcec303a2294daf6a7d3bff1a8814bb6b6d94235efb46378169e477fd9b2

SHA512
282e46d7e2ae617a788dc35649400f0a95bc73a2094f52851daf233a48d0e3ab12a1e775a04396a5c30db672b6b6e82144218d09f19ef1e5fb090800fce59332

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\favicon.ico

Filesize
121KB

MD5
8b78b3762fda84a40a9b845031c3c5db

SHA1
f598eb9985ccd6f8a1e104ac30a6f23742e21773

SHA256
e0b09a583ad88fdff2cb7c2122274ecc18771b316e9827b76e6c70aee31c4264

SHA512
4844724ec646dd7bf26fe9664f2e775bb4a71089b96778c8eabb51fe1c4992c90e48cf92a05f692e2c55b8354833a24b26278823e9bf38e2c3b01bf215137c67

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\index.html

Filesize
2KB

MD5
aefb0b07b822c1e8af3f45e4a2f30b79

SHA1
abe6ee4d681be18fbbec33589f4cf07284a64765

SHA256
518cd3e8df96a6465ede2ae5eea4a694513b3222152c770d1faa16f868f6cd84

SHA512
42fbdcc7f7e652bea6e094322747ee41c2564a0007358d1d2a55796715b641b9a1cd28bdee6e819f910ab1bf8a036f9d62bc73d4ca601645372b1713b6739c83

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\precache-manifest.eb3c82d10c02bb0989a18d826c42d18f.js

Filesize
1KB

MD5
2f711041931f54c7aee8ba6c66a009f8

SHA1
86c427f3ae6e5fd96655c5221740a56cf9f15878

SHA256
082bbb157c111e170a7f1ac79b140c061b5ef0c511818e00427e09a3f978f5ef

SHA512
3dc922c2ff637a638da42dc3b8929e062d9101cc06766d059010b45d53f68ed5fb47173a3ad5be664d0fd4cb0478112316438552168353734878fe4befd6d35a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\service-worker.js

Filesize
1KB

MD5
bdb218aea48ba0e5d667870325d8ce93

SHA1
ce73cbf7c5f1ce666d1e290c894f03336d94bee3

SHA256
8c8dd641e103747a897ac0134cbf102fe2783153aea17655fb821748a3bfbdea

SHA512
0b51354549e9774964085b3aa438d7268baee7797ec57d3bd267b9ca2229cc58eb4964d9fe1e2b1888008496e56fc52d352c79637207e8d27a509f967b011b00

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\css\2.9c2742e0.chunk.css

Filesize
1KB

MD5
97c5efb74ad89a101f3ea0b0ca47d220

SHA1
cf47d78ecd278d46b846894889b866ba9b2cbce1

SHA256
4734179b93aca70f13cfcc67a06c03fd06dcba2c83c6b9ab4eeb0107c259e4f7

SHA512
d3001fc188118f43ef212dc4b170017c97f37f8d79aedbccf73b1ee33b04a2db2ca6cd8b3b403fb8e74588cd6fac4f7177866648a8c783510dc796b4d4d4326f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\css\main.c4ba66de.chunk.css

Filesize
48KB

MD5
f010337f2c5f625584b732319b3894e2

SHA1
c0bc5d20ce38cbbf389ebf84d5a8b38c78c0a929

SHA256
ccba5f10e2d640aa64fddec2b40ad3e37ea139017ceeb824f4a8732d1ae07d92

SHA512
f219c9b8c73270e3eb1109b218c53852d97d772e897a02dd1a5678dc1b0421a64db5b5345bcbda95c7c920005fd60989032c2fb2f56f74c97fa52e1f1ddd6563

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\js\2.b80c69ea.chunk.js

Filesize
489KB

MD5
f1bb3017e16c0b97c1ba039aaf6f06d2

SHA1
a4ad215d91fc1a10bdb007bff1931b67f76b6ac9

SHA256
9134d89bd29e008abd1190fe13e66bf912a6354a719af69cda49e6ffce6b2958

SHA512
78a15f6a6066c73fa5829f30eab466e5f30b0788a48c44db193445ff7e17b71e394f82728c161bc1df22851b8fd4ecdad136ac91a6b105ff242532b7499b6104

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\js\main.65fbfb77.chunk.js

Filesize
38KB

MD5
0de3613b5cbc6b8fce6b38d999ff6c58

SHA1
c69101f82eef95069c5f4f03eba725efb486d0f5

SHA256
77c7d3c428478d6d9f07d4998c8be17624ac5085eabe0a05e89f486c0b410e3f

SHA512
aae2948595101f40c51a7bb589aa3aa50ddab6aae3ab84e59b7c903f746f866b4354923c2936c28bcf229103be675278b2d3bfdcd4a4c07a4838940f42e8cd16

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\js\runtime-main.57e8483b.js

Filesize
1KB

MD5
199ef032764d9a37372dca256de731ce

SHA1
da365eccbfd944dad37b705b1537226b2d81b1e1

SHA256
14c4e3ba487ff799eceb6e94f0c2c0b62bd1fd5276cb66cb1f631b30b700df92

SHA512
5b18549ead07ecb1bec8799ad9ba5e941541fe6225e08e2743d0607ef23326b935d1f4f4f1971f90010faba8ddb0567edabb0a0c6925acc6568c0992ae42dd9f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\banner.47107ce0.png

Filesize
19KB

MD5
47107ce0b55eb919ff1c84cf8c1d3ee4

SHA1
05fd8cb6ee86565bd18ec021e075ddb3f0c6b67c

SHA256
540f4d681de56bea383659665887d9bbb75de7eef96c11d4389064495fdfae24

SHA512
b269a4bde9392b5bc584923de21b4870da5242fed5d1707154c1f96a602f1b191c2dbe095954b16c652f9744ea1a7ee5d7539595cab559226731ce04bea1293a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\default.4cd9672d.svg

Filesize
3KB

MD5
4cd9672dae65703cbe58fd20e8561b5c

SHA1
586dbcac3a22ba74651af1c5cc4d0b6501437da5

SHA256
6e1103223edc5cbe57c0b5836726bf835d25caea062d35ca8196e4a4d662a0d4

SHA512
4787ff898c9508a9fb7698df858337343b8289ed7d704492c3c3e1fe9e5ca90e79851512be5c8cd1b437e104f4c3ada0156e13fb4564605a9e128fea01f9aeef

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\iconfont.5aa53198.ttf

Filesize
43KB

MD5
5aa53198a8156a40e499b3f9bc3c0a0b

SHA1
2419e89c8b09c0eafa7ce38b3fbd74b73dcdbe5e

SHA256
53d31e8f40f7b57cbf5642c859c68156bbe9c7d702b4431c2c5eeb7d96503474

SHA512
0dffb7dd032cdb5ef31a311851e60ed4d4869536c719dc3067052e85dc81796a46a9b8a4e01588ea3aa07fb42554935a0c7b40d7a724d1fb515243275decdb7a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\iconfont.5db424e0.woff2

Filesize
20KB

MD5
5db424e03f8ea986a7276204e0cbab7b

SHA1
bbda23ce4249b3e8fe6a2e8f41f58045c48accd3

SHA256
0846df1529b9aca21d4ca066abc64c57675d7b6989f050b03f92b14141b6db82

SHA512
f6e783158ae194caa1aae78ddcb6278d6bc56e331bf71b8d5eefb0f555a38fdf9c08e29fd14c7f1e46bc0205a63a5906eb2b565974afa394f92048bc270ed19c

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\iconfont.dc9263e8.woff

Filesize
24KB

MD5
dc9263e8a82b50d83d86906dfde3b000

SHA1
16fc4c5d9d744e702867c4a95ca9817443fdba88

SHA256
093c731c0975ca98a9f51086a1a8e5c1b5ee30aea5f2a55a18ec4c1f296b7694

SHA512
914a344ba9abef5609d1d881a6da3ca7fd673d1877890c068c82c731d86b7df31c865650c2264731d0c6f4ada7ba37e055ba67034886539e195294a887232448

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\logo.23523db7.svg

Filesize
11KB

MD5
23523db7ea1593eb3696e6c34a24145a

SHA1
d52397b2d1df1a259966003b84bda5da3c875e13

SHA256
bf29c6fcab4ce09e61cee5ade8cc06211e971aec36bf85c0eca6f53fbd32c49e

SHA512
9b4e5b63de5c8770d3e9102d99ed10f60c7f6ee95f64223cba438b5c66c5ecfe4f67481bad1a2d5e8d1d32158c50514a54377ec656722cdc65cedbb6a60d9917

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\menu_tansuo.4a3ccb2e.svg

Filesize
2KB

MD5
4a3ccb2e3e9cd25df46501c64a1f9ab0

SHA1
28b14cc4027b212bb9ba8f597e95d50e552d50a8

SHA256
20a4b9928bebc2e6582ef0eb9f048e12a6832f9864a325e3ff6a75a04b1bea9a

SHA512
57ec0b8e5ed078f02a52c56bf5975655d24d99963ea3e783c007eab96a9e9cc2dd6cb1bf591d027feb5ca3c27d2ab8ec7e395f954e5c0571cee765fe198b69d3

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\menu_tansuo_h.220beca9.svg

Filesize
1KB

MD5
220beca9ec4e1fbd2acf883d76f8c273

SHA1
6ceb8d8c9d8db75634e370e53c769f692569427c

SHA256
fc7d5a70a3a2024a240704ce55b3fa763f4b73a7bd2757f45600f6f82cb88fcd

SHA512
c55df15aac4424e7a81162dc3726f1111b445cc5994cafb7d311fed2353ad19c395dcdefd06b3470b3f71939422df403db6f76ba13dd5cc2e60db5d70b3433fe

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\dist\static\media\popup_notconnect.1c4b3097.svg

Filesize
2KB

MD5
1c4b3097f5db7d518ebe37bf55583609

SHA1
813dc1251209ba8ea551f3f49dce163ceb1b7a3b

SHA256
86ae9dd602dfa0e1999dac0c473243963a4455f99863e476edff40e016ae79f0

SHA512
8e100ab784d7ce254a7cd23612c84125fe9bf122b1736900c88ea971810b6e94480793b730b514afec19dd5d2fe577bdaacc7f2b3794d8742752e60f79b2b25a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\open_comp.html

Filesize
43KB

MD5
59eb4d7ae39e2ce06e6fdd01cd4b7703

SHA1
a7381c85d1c82af3a65359926ac707057a65c872

SHA256
f50b86a9e62fe430752dee89700b922b81e09e009b7a1e4256a955c76fcbe353

SHA512
bb88c08a1d77c9258e2b076c75fb76e4cba458bfef3f5563391f521d1e5a0b3ded304bd3838c0666197fcc961e9ada6de000e4600dec5ff063a7d84155a6a3de

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\skin\store\shadow.png

Filesize
3KB

MD5
e98e49816d2aed26d26a755020ff1fb7

SHA1
37b8abe2bfd2043aa08e056e5223001d715f6dda

SHA256
ea23ff818bae62bbf28ff0b98fca9bb9536be7f7a2f02f5a79ab87e1739a4c29

SHA512
2762a88ea1ae3579e450fb62903508b3d399e23836b90588450eab27d75d9e30703e79ee9c5f626afaee01687196536130038b5ba07a677627cbfef9f532d273

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\snapshot_blob.bin

Filesize
48KB

MD5
5f4e781542a53b146783147ab25d6139

SHA1
0098e4b90122779e62c131935bb70d90e2ed63e2

SHA256
86727e2962703029572dbdd9895e45f788101b6fd4a7c75a0d323dc88f1e59dd

SHA512
91f19f5e1d5b3dcab9fe23db5cee4cff179e27ec6c444ae11d08eb62f52a08ea0c08e949f4ddd67e185b6f6ed44c1fd809d91bb65bd228418edd15aa8217b770

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\swiftshader\libEGL.dll

Filesize
419KB

MD5
b0d51e3668a9f025392f5933bf7d2771

SHA1
9b55a6c694c4a6f166b69066c29062807cbf0207

SHA256
14df054b15e9ed6afb623568e14f2abed5321c9f9eca609766474157797906ad

SHA512
1c9b2c57acd5b7a9174928162ad0c8fcaf2b47447b393bd68188b5a7e9581c6da9ddf3e3c0ebf957a7014ab93b76fca3e7f029d9f576c0e2e5c1b390d9f7dfb0

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\swiftshader\libGLESv2.dll

Filesize
2.6MB

MD5
2da374088840a0cbe23db7f4b3223518

SHA1
dbda29aa5e0e281dc6c92300df4e96ef3127ba00

SHA256
79d912b229334ab84bbdf9b0967ed4ca7ee87e2ef3653e4b1e42c8d67b7c2f0c

SHA512
5999e486216fdb7be5bad2dea7ef06a39dd93f71426dd8d6a6f769645b3c05f3e2fde5913a310cafb6547387fbacaf8c07c84bd90a76616abdd600f1888b6a6a

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\v8_context_snapshot.bin

Filesize
160KB

MD5
0bc02f4b922bc22512ce5dbbbd2f1efe

SHA1
323b900eabc84138e24bfdcafc51962a47eaa6cf

SHA256
f24e76db5cde055b97e0b2ebb8c4d8cd00fb474720a92569cb18eef8b64acf49

SHA512
d9996307d24e3a0f1a3b6a094c4c6e0749140206a11f2be53b3a015c4ea37722d243d22705e545ed4879ef39806ebea1b2b2b9bf252e6630daa141fcef77976f

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\x86\libcrypto-3.dll

Filesize
4.1MB

MD5
bef7ad6953c0f4e28965bf0d5f5ff2b0

SHA1
a440d5cdc43dfa9449409862473293d5c15754cd

SHA256
34c6646528d8f5bcedff8ff805a03178afb93fb8acc0ce661b3cc45bfb5683c5

SHA512
7f641613e0b942432be84bba949ed392993004968bd2f5066229c6319fd525bf69b7e739b68e840beafe4f0866e68e0013bfe9cd1650df1d426fc9d9635c1290

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\x86\ludp.dll

Filesize
1.4MB

MD5
6592d0a606ffac51eae7a6c2fdaf6092

SHA1
8a17d53a7de9190e2a566466b6b81c8fbef2a7c7

SHA256
8baa85075cdd28678c1f1613bcb0805ef5c090bd5de679cf92a6c4e828916402

SHA512
bbdfec7bc37681eef99427fcd3a0f97f5d3b0ccdc03ef7123f518b2cf3e01c09397ff2574f84a902f6740e1fdf09cc44cf55db04976f04fbab73c4f7e19d48e0

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_temp\xyvodsdk_x64.dll

Filesize
7.2MB

MD5
754912866f60b4ca9f9d9d2889b835de

SHA1
3da56832ae7393314bb250e1c6636682a90aca16

SHA256
c6909c1a10db96c44ba4aca433d6b605ccba3658553892b7b47e9192dab2ad0e

SHA512
91789298d7cb8bd6701bf8df4900af27da290609b24330ec6b263943aeda487b14670bf28ca83991a34925bad71e8f311acff422ef71aef86900648b1936cd28

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_tempwork\libcrypto-3-x64.dll

Filesize
5.7MB

MD5
15927d128a0b3968fc12f23813f3e67a

SHA1
9db0375a61c46927f03143cefc481999e4437583

SHA256
bc65afce0e342e6e47c1b596a441e943d947543a0b26ca66d435c74726e93402

SHA512
d5cde41b2ef59aeaa72584a72562e09349f2bb03e4f5bea6a168cf5737b789b027d7c51b96e18c15c7f44c30d45aa732304b065ff3a4199f4eff26992404f14b

Download Submit
C:\Users\Admin\AppData\Local\Lenovo\LeAppStore_tempwork\ludpx64.dll

Filesize
1.6MB

MD5
878042ca2642817a41e7df7b26a15d83

SHA1
3f935224b4f70fbdcacf08123b82be943d0f1aa7

SHA256
8b2fdf99a026a56fcb9058b655dc5ebcee12bc8fe7aea00bad4cd655316f712e

SHA512
95b16238f823e03de00513a17fe129368f056222e73160720ce09c55b92d675ed55f887830151d9052cbef977f58764abbcb7bacdb639e1e3dc93f7cc9e60b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
6ce6ae15f5286993994de7cba75dc991

SHA1
040f0aa803a39e88f527c1d8afb45d6d6a22ac53

SHA256
e12f596d791dfe3326bc5124bfce859162d4a90fa10b7e1d232cf14671e8c035

SHA512
7b1eaf92ab064c9e8123d6c8d2bfac1b43e2a364e317dcdae136d8a3deaa2ac547cf87822c564b4ac2e0537c104bed4900b8f557fcb614e59f1d75a3bee04c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
daae4d9f21a9b9418253116651d15521

SHA1
d08d1154d8e7797b913bf1c1a3528b54232c1c27

SHA256
641f51e81f01a956c3610331ada534bfb9b67027d74b7057b235532d3a6da35a

SHA512
26d619f78704532666a25fe827c01b46c7ad18d59ccc2893ca4acdda0111fbab407e46806eaf991ee0df625f953fd23eec98877d3381d0be5b4830f5928082bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
9c94f4f5cd02a62cce4a5e53498c5b0b

SHA1
33ed6217bd7a9a555085d1dd6ce4be4adc010231

SHA256
ba54646904abb9705e56ad9e4fffa3a51e72661b86d4fe8d38042126f2bde368

SHA512
a8ac1c7353396840141411b60b80caeaba0fddc6cec4e4c12a81c3ad631198a8e79bedfa405e519e3e95ec7e28c3f5d480e3e2d521c985875ce636b2091c2d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
d6e34cc5a67c928fe01ddff0bd6d0425

SHA1
8a78836e35aa64105798a203981a06e82cdcfcda

SHA256
3f45154b43322faa9c9a9c09f455d11090ac8cd0fcdc2902ba0977051da397b8

SHA512
ebe152d832afc5c1d96f80b2272550e7558d1252d05548a70525bc0b79890e263860bab64e930af648a9fdbf47f01ae11f3be9a3afc009411a8c83dc03d5fc0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\LISF_67506.tmp\ludp.dll

Filesize
1.4MB

MD5
fd0cdab66af7c5243d4acbf93f5c414c

SHA1
d443aca92cb31f59898be71b0f45d4b6b80ddb73

SHA256
cd42d042d5e43f7ad1b7f807113835309e7922a92226190e36c9e52ad9ab8ea3

SHA512
e49a95aa618e624fcc0b784de354f14c717a41ab36194a73eb76166ea9757a41e10041b4ffb5b3a2be042959563075367fe27f90830ff058c81f05fc038058b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\LISF_F5413.tmp\LISFInstall.exe

Filesize
3.2MB

MD5
484225f136a77fc24f1775c370a222a0

SHA1
9ee92db04858ddf3cb450abe33e0ba2ede18d8d6

SHA256
565ebd15cb2dd9b51b89a65a9afa083496a288c27eb681bd18d7af140f8cb2ca

SHA512
8a7740444b2a84a1c014812784cb7a6a103ee0fca1487325450193ba5f793b8ef1db335f2e412b7a6acdc05a5d54d49600c3e25538322f9fd50a8923668d886b

Download Submit
C:\Users\Admin\AppData\Local\Temp\LeASPac.exe.log.logdat

Filesize
1KB

MD5
b346a3bdbbd239dc733e1c149f9461bc

SHA1
94d8ec06eda27290099663605ddfa0177658b915

SHA256
3bfad285c0905722dbf21b1c2b42c882ca0d4f7d733b739bd9d4fde47ad97ce8

SHA512
e58aef0e8b173ae57ab8a295915570107b6edf673f33b3dfe566238b07f399432e39127f9fd1ab3ee40c3bf049f7938227cf42aa006addf92827a8d42cd50e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\LeASPac.exe.log.logdat

Filesize
1KB

MD5
522b1abbae956685528463fa3c2c029a

SHA1
6279215cc77c0b6c47360d494dd4e58bebb0e010

SHA256
39c630cc5a61ef75f03ef88d2921eb8ac5fb4b6be4764b88f164dbc487b301b7

SHA512
afba6bf58882889591ca785af082141eaf9405f8275dde2f8e3aafd5d4b30468a473b880b1e1002f8a1f7bb841d51885a7c9d3666144ca0971825ca0718c17ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\LenovoAppStore.exe.log.logdat

Filesize
3KB

MD5
d182b8664c54c890b8fca316f572618f

SHA1
abfc9dda80172ef02e5780e8764a277a9c55bd58

SHA256
fe7b9946bc1eef529ec94b0fe0e2f9a172d1d2533c293ecf2e7392c59f40a929

SHA512
76d11597c1d4686aa26fc04fbc0c8de0743b97e5e58ae7141b7c05dad6a6057568dbb7ff6a5910d9cef42bb1e43086d64c6da5648bca37be9537ce137cd9da02

Download Submit
C:\Users\Admin\AppData\Local\Temp\LenovoAppStore.exe.log.logdat

Filesize
5KB

MD5
1d42b69bbb50ff34f2285fd246f6be3d

SHA1
52a7517f3867d2a5c503997db85765d74211d1ff

SHA256
567d6f2a30ed9ee48bd3ee2b94bae1a6bc08c75e476d5fe347356bb4e283b79e

SHA512
72a8ea6eef0655007e5dd6c3f53995cdbf78fd7e65650c71359d1ed2bee6d4fc635307ee6dfeb275da2804aea29e35fdef5a98f8e0ef49684eb94cd3fcbe3342

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lenovo\contents.cab

Filesize
2.8MB

MD5
52aa2e3d7468896db128b70c2366572b

SHA1
3736063a72e7f22e8305e082ecd4467f923921ce

SHA256
9a65551c7ef7e2597d77c248c538d61734243526b589b690043fd7e04ba81647

SHA512
c46de9a0f69c10ca44094ce385c114f4edb8b4f84617ff6b14aa6bcfb820bc6de4c12fb672fabecaafd8b94edc1213e58c06b5a3ca8c0f6e9055e513afeaa219

Download Submit
C:\Users\Admin\AppData\Local\Temp\Lenovo\ini.cab

Filesize
545B

MD5
32a8ec89511bd697765626ef853cb8e4

SHA1
d53a802ef29557df0eb31c444865e7f1531ac626

SHA256
5176fae8212738ee7d149a82fceeaa4e05206c9399bdc80f35f6750fd4e57217

SHA512
b1ed73f5a0203dbf004a975b1a3689af57b77f176b8c2962110170f375b761d93637c00cc2e495823ca04e9933ab9b3c340173deb64a7036e348029d400f3c7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2tczcvpi.4zs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\myc1BA1.tmp\test.ini

Filesize
723B

MD5
9577fd75aa9b0722511b6afa847be355

SHA1
e2a32cb656630e87d466152acd90a2bedb5ac71d

SHA256
18112a82d97981d8c00c4f79d571761c9eaa716e7d724a766123cf804e1927d9

SHA512
126e0d48511735dade530d87bc4950b1335ae177f23e0cf59df920c568dd1e241100c46e11ee32b5fda42fcbee2fde11c1e1dd726120bf59c89caa111a225efc

Download Submit
C:\Users\Admin\AppData\Roaming\Lenovo\Ludp\L1O38A4LVF13_34D4A34F269AB81B02E09597A230B888.db

Filesize
24KB

MD5
1e9887adf8f0fc211a2ad11b16a9d8eb

SHA1
9bc56e9ae2abd6d9b934422910c336549b50f898

SHA256
5cbfded85bd7c0954fc559571ee68daed858ac7d22b1c7752047df057c867af4

SHA512
2a73677599edff757607bc1fb8939e15d95774e2ac51a26d98ed3736f60bb58302af709b1db17b89500e39e34f502c3516b8fbf36641c4816c18b874b800820a

Download Submit
C:\Users\Admin\AppData\Roaming\Lenovo\Ludp\L1O38A4LVF13_34D4A34F269AB81B02E09597A230B888.db-wal

Filesize
144KB

MD5
39e750c2bb5934e23135bf2a2ddc4968

SHA1
2f7c9a7f82c7dec46389c910184b918844597a71

SHA256
f76ce3fb6fa7a3b44879d31699289a1e0c851e6e5d54a762f10f1f50405e8858

SHA512
12a6dec3cd0cde001c66f64b7c29bf8feeec6a7ae113af07221a9f1ec10f1003b92052c865ad754759a057de70adf694a5420fbbcc3194217b227644cda3ce78

Download Submit
C:\Users\Admin\AppData\Roaming\Lenovo\Ludp\L1O38A4LVF13_34D4A34F269AB81B02E09597A230B888.log

Filesize
671B

MD5
6ec4671ea013e2d6b73a5d2d6a0a9e39

SHA1
5aa415a3a59925b06102d3ca44e4801ae47622c0

SHA256
05642cab097161106123d48cbf44bbb8728eea8836c2dc32721eaf43aa322627

SHA512
8cce3c297e59848d77f12294ddf3f5901042d57af7517ff51be937f7272bafa314e3b1077961c4ed312018c1d5da46704f2ae066ea527100f1fe2dd97a4e1256

Download Submit
C:\Users\Admin\AppData\Roaming\Lenovo\Ludp\L1O38A4LVF13_34D4A34F269AB81B02E09597A230B888.log

Filesize
1KB

MD5
3b2f92d700c2fb641070520720d5c771

SHA1
3c126f73cf984dcef61329072c36bdb5fecc834e

SHA256
59353cba8d52d760dd3e6c99fbbd1bff61c61618b803c8ab4f915ff6ef97ef84

SHA512
d516d4116fd935a096f82f4c0b150ff73033c1ac50796c34791416ed466659e2a9d95fb73d23a0b392914a66b96e68633be526f74b70f5eaf6e3f0a4c273e9bd

Download Submit
C:\Users\Admin\AppData\Roaming\Lenovo\Ludp\L1O38A4LVF13_D47AB56D5DAE46F6E34AE0708A4E5FE9.db

Filesize
4KB

MD5
35169b7b8da187455dd69a9f0ca6d8db

SHA1
ff58e52ab36380742948a1a779952afc222b6ac7

SHA256
63e9aaf6c6b4f28a934f6cce1e7d0273895fd91b2f21376444028fe674cfe3d2

SHA512
773b0eca9f5a50910a83b3f5e1fcb777d4ba38c81ca6f4e8eefff2a861b5fefbed7e9bc781db99c8bff71a45e32e881da55862005ec3d252444a7ea8debcff41

Download Submit
memory/1952-2749-0x00000175C6550000-0x00000175C6566000-memory.dmp

Filesize
88KB

Download
memory/1952-2751-0x00000175C6600000-0x00000175C6626000-memory.dmp

Filesize
152KB

Download
memory/1952-2750-0x00000175C6540000-0x00000175C654A000-memory.dmp

Filesize
40KB

Download
memory/3852-1641-0x0000019AAD9D0000-0x0000019AAD9F2000-memory.dmp

Filesize
136KB

Download
memory/3852-1654-0x0000019AADA20000-0x0000019AADA2A000-memory.dmp

Filesize
40KB

Download
memory/5480-2427-0x000002568B380000-0x000002568B38C000-memory.dmp

Filesize
48KB

Download
memory/5480-2422-0x000002568CA40000-0x000002568CA5A000-memory.dmp

Filesize
104KB

Download
memory/5480-2423-0x00000256A5470000-0x00000256A5518000-memory.dmp

Filesize
672KB

Download
memory/5480-2424-0x000002568CAF0000-0x000002568CB18000-memory.dmp

Filesize
160KB

Download
memory/5480-2425-0x000002568B390000-0x000002568B398000-memory.dmp

Filesize
32KB

Download
memory/5480-2421-0x000002568B1C0000-0x000002568B1D8000-memory.dmp

Filesize
96KB

Download
memory/5480-2420-0x000002568CA90000-0x000002568CAF2000-memory.dmp

Filesize
392KB

Download
memory/5480-2414-0x000002568A990000-0x000002568AE32000-memory.dmp

Filesize
4.6MB

Download
memory/5480-2430-0x000002568CB50000-0x000002568CB76000-memory.dmp

Filesize
152KB

Download
memory/5480-2426-0x000002568CB20000-0x000002568CB48000-memory.dmp

Filesize
160KB

Download
memory/5480-2428-0x00000256A5520000-0x00000256A55DE000-memory.dmp

Filesize
760KB

Download
memory/5480-2429-0x000002568CA60000-0x000002568CA68000-memory.dmp

Filesize
32KB

Download