The program creates the file C:\Windows\System32\Mlwx486.sys. You can use procmon or another dynamic monitoring tool to see the file being created, but you cannot see the file on disk because it is hidden.

The program has a kernel component. It is stored in the file’s resource section, and then written to disk and loaded into the kernel as a service.

The program is a rootkit designed to hide files. It uses SSDT hooking to overwrite the entry to NtQueryDirectoryFile, which it uses to prevent the display of any files beginning with Mlwx (case-sensitive) in directory listings.