According to malware analysis reports from ANY.RUN , the executable performs the following actions:
: Frequently identified under PID 2900 or 1876 in sandboxed environments. Endermanch@000.exe
Utilizes WMIC.EXE to gather detailed .
: The malware is known to forcibly change the desktop background image as part of its payload. System Sabotage : According to malware analysis reports from ANY