Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'EF Recovery Support Tools' = '"%LOCALAPPDATA%\EF Recovery\Support Tools\EF Recovery Support Tools.exe" /s'
- %TEMP%\ef recovery support tools.log
- from <Full path to file> to %LOCALAPPDATA%\ef recovery\support tools\ef recovery support tools.exe
- http://www.ec##hem.com/downloads/liveupdate/check.aspx?ap###########################################
- DNS ASK ec##hem.com