
pw11-free.exe

Status: finished
Submission Time: 2020-07-16 12:46:40 +02:00
Malicious
Spyware
Evader

Details

  • Analysis ID:
    245931
  • API (Web) ID:
    387531
  • Analysis Started:
    2020-07-16 12:46:41 +02:00
  • Analysis Finished:
    2020-07-16 13:03:52 +02:00
  • MD5:
    75697a70f74dff19d0d39a817dfde286
  • SHA1:
    ca90376a51905703e059529a75dfdbbc4ba8a768
  • SHA256:
    354cf4fb3171b4f674fb52949e42e3dc531d5ab6068b7d6b9c3d7ce0337d1124
  • Technologies:

Joe Sandbox

Engine Download Report Detection Info
malicious
Score: 42
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

malicious
Score: 5/72
malicious
Score: 6/48

IPs

IP Country Detection

Domains

Name IP Detection

URLs

Name Detection

Dropped files

Name File Type Hashes Detection