File name:

8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe

Full analysis: https://app.any.run/tasks/87ae93ed-568b-4e7b-a22f-ffa3b4801dac
Verdict: Malicious activity
Analysis date: August 27, 2025, 02:12:42
OS: Windows 10 Professional (build: 19044, 64 bit)
Tags:
upx
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 5 sections
MD5:

2E3802C526BB5CCB037C8BEE4F446933

SHA1:

A9582CA98B4CB9DEEC126561B9D662EC57B9F5DD

SHA256:

8350C7C3831BB251D25561016DDC60788148E41B431B89C60E81BC73D8A21659

SSDEEP:

98304:twIshzrcqLrV+r6jDl1a/OOJ2SEvVFt9a/q+ctl1YbrRGGkzmlfpx2015ynILr82:Yt78IRHYgt2yBhBvmPneA7nB5x0Mn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)
      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Starts CMD.EXE for commands execution

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)

    • Drops 7-zip archiver for unpacking

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Process drops legitimate windows executable

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • The process drops C-runtime libraries

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Creates a software uninstall entry

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Drops a system driver (possible attempt to evade defenses)

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Reads security settings of Internet Explorer

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Creates or modifies Windows services

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Adds/modifies Windows certificates

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • There is functionality for taking screenshot (YARA)

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

  • INFO

    • The sample compiled with chinese language support

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)
      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Checks supported languages

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)
      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)

    • Reads the computer name

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)
      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Creates files in the program directory

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • The sample compiled with english language support

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)
      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • The sample compiled with french language support

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Create files in a temporary directory

      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)

    • Reads the machine GUID from the registry

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • Checks proxy server information

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)
      • slui.exe (PID: 4844)

    • Creates files or folders in the user directory

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)

    • UPX packer has been detected

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)
      • 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe (PID: 5460)

    • Reads the software policy settings

      • dtl6_wnqd_pcol_silent.exe (PID: 2428)
      • slui.exe (PID: 4844)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (24.4)
.exe | Win64 Executable (generic) (21.6)
.exe | UPX compressed Win32 Executable (21.2)
.exe | Win32 EXE Yoda's Crypter (20.8)
.dll | Win32 Dynamic Link Library (generic) (5.1)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2017:05:26 05:54:54+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 9
CodeSize: 214016
InitializedDataSize: 16487424
UninitializedDataSize: -
EntryPoint: 0x1c12d
OSVersion: 5
ImageVersion: -
SubsystemVersion: 5
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.1
ProductVersionNumber: 1.0.0.1
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Windows, Chinese (Simplified)
CompanyName: 深圳市驱动人生科技股份有限公司
FileDescription: 万能驱动工具
FileVersion: 1.0.0.1
InternalName: dtl_ui_universal.exe
LegalCopyright: Copyright (C) 2014 深圳市驱动人生科技股份有限公司
OriginalFileName: dtl_ui_universal.exe
ProductName: dtl_ui_universal.exe
ProductVersion: 1.0.0.1
No data.
screenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
141
Monitored processes
7
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe cmd.exe no specs conhost.exe no specs ping.exe no specs dtl6_wnqd_pcol_silent.exe slui.exe 8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1520CMD /C ping www.160.comC:\Windows\SysWOW64\cmd.exe8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
2428 -sC:\Users\admin\AppData\Local\Temp\dtl6_wnqd_pcol_silent.exe
8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe
User:
admin
Company:
深圳市驱动人生科技股份有限公司
Integrity Level:
HIGH
Description:
驱动人生6安装程序
Exit code:
1
Version:
6.7.51.156
Modules
Images
c:\users\admin\appdata\local\temp\dtl6_wnqd_pcol_silent.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
4768ping www.160.comC:\Windows\SysWOW64\PING.EXEcmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
TCP/IP Ping Command
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\ping.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvcrt.dll
4844C:\WINDOWS\System32\slui.exe -EmbeddingC:\Windows\System32\slui.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Activation Client
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
5460"C:\Users\admin\Desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe" C:\Users\admin\Desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe
explorer.exe
User:
admin
Company:
深圳市驱动人生科技股份有限公司
Integrity Level:
HIGH
Description:
万能驱动工具
Version:
1.0.0.1
Modules
Images
c:\users\admin\desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
5904\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1C:\Windows\System32\conhost.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
7140"C:\Users\admin\Desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe" C:\Users\admin\Desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exeexplorer.exe
User:
admin
Company:
深圳市驱动人生科技股份有限公司
Integrity Level:
MEDIUM
Description:
万能驱动工具
Exit code:
3221226540
Version:
1.0.0.1
Modules
Images
c:\users\admin\desktop\8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
Total events
9 412
Read events
9 378
Write events
32
Delete events
2

Modification events

(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DTLSoft\DriveTheLife2013
Operation:writeName:AppPath
Value:
C:\Program Files (x86)\DTLSoft\DriveTheLife
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DTLSoft\DriveTheLife2013
Operation:writeName:UnionId
Value:
2369
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DTLSoft\DriveTheLife2013
Operation:writeName:OemID
Value:
1
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\DTLSoft\DriveTheLife2013
Operation:writeName:UserID
Value:
00
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_CURRENT_USER\SOFTWARE\DTLSoft\DriveTheLife2013
Operation:writeName:AppPath
Value:
C:\Program Files (x86)\DTLSoft\DriveTheLife
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_CURRENT_USER\SOFTWARE\DTLSoft\DriveTheLife2013
Operation:writeName:UnionId
Value:
2369
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_CURRENT_USER\SOFTWARE\DTLSoft\DriveTheLife2013
Operation:writeName:OemID
Value:
1
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_CURRENT_USER\SOFTWARE\DTLSoft\DriveTheLife2013
Operation:writeName:UserID
Value:
00
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_CURRENT_USER\SOFTWARE\DTLSoft\DriveTheLife2013
Operation:writeName:Version
Value:
607510156
(PID) Process:(2428) dtl6_wnqd_pcol_silent.exeKey:HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{29FE44D7-BC89-4188-8B0E-F6BA073C15A4}_is1
Operation:writeName:DisplayIcon
Value:
C:\Program Files (x86)\DTLSoft\DriveTheLife\DriveTheLife.exe
Executable files
129
Suspicious files
50
Text files
128
Unknown types
0

Dropped files

PID
Process
Filename
Type
54608350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exeC:\Users\admin\AppData\Local\Temp\libcurl.dllexecutable
MD5:43291983172885D6A4FE3BCFB93AB6E3
SHA256:1AE7A37B37AF584AC6E51970B9BD278D6FE38D75415F2198262568B9DC2E96CF
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\HWBox\skin\png\VR_Loading.gifimage
MD5:2F867629F84B2DF752C294A1F8DF2F32
SHA256:7B0F12E0C5E9A5C942A45043AF1F399711930613E57866343D3FE0ABC3D35370
54608350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exeC:\Users\admin\AppData\Local\Temp\ResDll.dllexecutable
MD5:256E5841FF14008F40F2555DED5C12E7
SHA256:F4840150868EFF1CBE95DB6BD1BA5F04B13C0326D70CFAC04A21C4063C139330
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\skin\ad_image\20150120160wifi.jpgimage
MD5:22D9265D1FADD38D2F3A9A01FB0BAFF0
SHA256:CAD0D5E2BE0CF21F3A4454A2B851DA6AD219ACDD76A5DEF11B3FB8751E5EA638
54608350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exeC:\Users\admin\AppData\Local\Temp\dtl6_wnqd_pcol_silent.exeexecutable
MD5:301F9630551B9DF71FC42915A85842B6
SHA256:7EC7E092ED336132F908D727B3A003B5BB6C49E8BF9A13525707C5CBE987C277
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\HWBox\skin\png\basic_logo_gif_1.gifimage
MD5:60D3B5AB01C65189FBE61A16D84BAA99
SHA256:CFBE29DEC97ADEA020D2574989D6696D317730E661D7575382B590F9C0B3B0C9
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\skin\ad_image\20150120wan.jpgimage
MD5:3D5394B46C2D32AE901156F7DB2D6912
SHA256:42C1CEEEEFD01F11ED6D55FB1A90C6BE2F9CEC519F8559E39875682BADD93667
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\12_48_1449644161.pngimage
MD5:BA29E95E507B286E8685CBF9B6A307B0
SHA256:2FE2BC6C486E97A7114BE4BB43DFF9CBAA00A442C40EC0F30B81BD9F8D64319E
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\1202_48_1384933060.pngimage
MD5:29B8393603B974BB26F6976D7431EAD3
SHA256:DCEB15FD41F8800A60227411294DD85852173C2B1B711283CD7FEECBA8A9AB93
2428dtl6_wnqd_pcol_silent.exeC:\Program Files (x86)\DTLSoft\DriveTheLife\OneKeyInst\DataConfig\icon\12757_48_1392886772.pngimage
MD5:DF45E6017DFAEE2DFD88BD42FB207054
SHA256:C3BBCADF41A1C85CCE8BA4B328C8D927EDCC8D6EBCB704FEE803BC8D2F048914
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
63
TCP/UDP connections
73
DNS requests
32
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2428
dtl6_wnqd_pcol_silent.exe
GET
200
106.52.82.175:80
http://int.updrv.com/common/IntegrateInstallStat.ashx?v=6.7.51.156&u=2369&a=53
unknown
unknown
POST
400
20.190.159.68:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
unknown
POST
400
40.126.31.69:443
https://login.live.com/ppsecure/deviceaddcredential.srf
unknown
text
203 b
unknown
1160
svchost.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut_2010-06-23.crl
unknown
whitelisted
1268
svchost.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1268
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
5944
MoUsoCoreWorker.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
1268
svchost.exe
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
5944
MoUsoCoreWorker.exe
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
1268
svchost.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
5944
MoUsoCoreWorker.exe
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
2.23.246.101:80
www.microsoft.com
Ooredoo Q.S.C.
QA
whitelisted
6540
svchost.exe
20.190.159.68:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 142.250.186.78
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
  • 2.16.241.12
  • 2.16.241.19
whitelisted
www.microsoft.com
  • 2.23.246.101
  • 23.3.109.244
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.75
  • 40.126.31.3
  • 40.126.31.67
  • 20.190.159.4
  • 20.190.159.0
  • 20.190.159.128
  • 40.126.31.69
whitelisted
int.updrv.com
  • 106.52.82.175
unknown
www.160.com
  • 122.188.44.51
  • 122.188.44.139
  • 116.136.189.50
  • 122.188.45.140
  • 59.83.212.226
  • 119.167.249.58
  • 60.221.17.73
  • 119.188.209.130
  • 122.188.45.51
unknown
softconfig.updrv.com
  • 118.25.86.202
unknown
dtlupdate.updrv.com
  • 134.175.60.10
unknown
install.integrate.updrv.com
  • 49.235.202.167
unknown

Threats

No threats detected
Process
Message
dtl6_wnqd_pcol_silent.exe
hwang szObjectName = Global\{A043B702-166A-4FB8-9733-E2BC4713F36F}53
dtl6_wnqd_pcol_silent.exe
hwang script_version:1.0.1.21
dtl6_wnqd_pcol_silent.exe
hwang global_install_pathstring
dtl6_wnqd_pcol_silent.exe
hwang global_install_pathstring
dtl6_wnqd_pcol_silent.exe
hwang Create Directory C:\Program Files (x86)\DTLSoft\DriveTheLife!
dtl6_wnqd_pcol_silent.exe
hwang UnCompress App.7z to C:\Program Files (x86)\DTLSoft\DriveTheLife .
dtl6_wnqd_pcol_silent.exe
hwang UnCompress successful.
dtl6_wnqd_pcol_silent.exe
hwang Save Shortcut C:\Users\Public\Desktop\????6.lnk
dtl6_wnqd_pcol_silent.exe
hwang Save Shortcut C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????\????6.lnk
dtl6_wnqd_pcol_silent.exe
hwang Save Shortcut C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????\??????6.lnk
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
8350c7c3831bb251d25561016ddc60788148e41b431b89c60e81bc73d8a21659.exe