: It modifies the Windows Registry to change the login/logoff helper path and creates files in the Startup directory to ensure it runs every time the computer boots.
According to malware analysis reports from ANY.RUN , the executable performs the following actions: Endermanch@000.exe
: Modern EDR tools can flag the suspicious use of WMIC.EXE and TASKKILL.EXE that this malware relies on. : It modifies the Windows Registry to change
Utilizes WMIC.EXE to gather detailed .