The program H7A3B6A.EXE is used to covertly gain access to a PC and administer it remotely.
UnHackMe is recommended as a reliable program for solving the problem with H7A3B6A.EXE.
Download for free: http://www.unhackme.com
Malware Analysis of H7A3B6A.EXE
Full path on a computer: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe
Detected by UnHackMe:
H7A3B6A.EXE
Default location: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe
Removal Results: Success
Number of reboots: 1
H7A3B6A.EXE is known as:
Backdoor.Andromeda
H7A3B6A.EXE hash:
- MD5: e22c933fd807b064a7a0a32483209181
How to quickly detect the presence of H7A3B6A.EXE?
Registry:
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dha8b2: “C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe”
- HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: “explorer.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe”
Folders:
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614
Files:
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\Desktop.ini
- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-4115614\h7a3b6a.exe