The ATI2021-ActivationScript-2022.01.27.bat file automates tasks that would be tedious to execute manually. When executed with administrator privileges on a Windows environment, it modifies the host operating system through several specific actions:
Another vulnerability, reported on a bug bounty platform, details the possibility of performing EXE hijacking using the Acronis True Image 2021 installer version 25.4.30480. This allows a local attacker to insert an executable file in the path of the EXE that is called. Upon software installation or upgrade, the malicious code runs with elevated privileges [8†L10-L16]. ATI2021-ActivationScript-2022.01.27.bat
The file is a third-party batch script designed to bypass the official licensing system of Acronis True Image 2021 . This specific version, dated January 2022, was part of a series of "hybrid" scripts widely shared on forums like My Digital Life to automate the installation, patching, and activation of the software. 🔍 Understanding the Activation Script The ATI2021-ActivationScript-2022
It appends lines to the Windows Hosts file ( C:\Windows\System32\drivers\etc\hosts ) to redirect official servers—such as activation.acronis.com —to a local IP address ( 127.0.0.1 ), blocking the software from phoning home to verify license validity. Upon software installation or upgrade, the malicious code
The file is a third-party batch script often circulated in tech forums to automate the activation or "cracking" of Acronis True Image 2021 .