Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Defender' = '"C:\ProgramData\%USERNAME%Safe.exe"'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Defender' = '"C:\ProgramData\%USERNAME%Safe.exe"'
- C:\ProgramData\%USERNAME%Safe.exe
- '64.#1.54.23':82
- '<Full path to file>'