It writes settings to the HKEY_CURRENT_USER registry hive instead of HKEY_LOCAL_MACHINE , which is open to standard users.
It installs files into the %AppData% or %LocalAppData% folders rather than C:\Program Files , ensuring it doesn't need write access to protected system directories. Client-nonAdmin.exe
Because the name is generic, it can be used by both legitimate developers and malicious actors. It writes settings to the HKEY_CURRENT_USER registry hive