Technical Information
- [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 'Activer.exe' = '"%TEMP%\Activer.exe"'
- [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Activer.exe' = '"%TEMP%\Activer.exe"'
- %APPDATA%\microsoft\windows\start menu\programs\startup\activer.exe
- %TEMP%\activer.exe
- 'ti##now4.pw':80
- http://ti##now4.pw/gatev2.php
- DNS ASK ti##now4.pw
- '%TEMP%\activer.exe' "del" <Full path to file>