Dark Watchman is stored in the Windows Registry as a script, and a scheduled task is created to launch it every time the user logs in. It also has a keylogger which is stored as obfuscated C# code, and compiled by a PowerShell script and the legitimate .NET CSC.exe tool.
The RAT can download and execute new payloads, run custom commands, upload files to a command-and-control server, and update its own code. There are indications that it does download ransomware.
The behavioral detection and machine intelligence capabilities in Acronis Cyber Protect effectively block both existing and brand-new malware threats, including fileless variants, before they can do any damage to your systems.