How to remove TempMicrosoft.exe

TempMicrosoft.exe

The module TempMicrosoft.exe has been detected as Trojan.Kryptik

TempMicrosoft.exe
Remove TempMicrosoft.exe

File Details

MD5: 16652c1f3744f03088bc34ffa6a19fd9
Size: 56 MB
First Published: 2017-08-17 14:06:42 (7 years ago)
Latest Published: 2025-04-26 23:00:49 (3 months ago)
Status: Trojan.Kryptik (on last analysis)
Analysis Date: 2025-04-26 23:00:49 (3 months ago)

Common Places:

%appdata%
%localappdata%
%desktop%\dokumentum\toolkit
%profile%\all activation windows (7-8-10) v10.8\all activation\activators
%profile%\all activation windows (7-8-10) v19.3 2018\all activation\activators
%sysdrive%\ms software october_2017
%profile%\downloads\activador win 7 enterprise office 2013.zip
%sysdrive%\usr1\office\offices 2010\microsoft.toolkit.v2.6.2-activador
%sysdrive%\google drive\share\- fast share\microsoft toolkit 2.6.2 official torrent
%sysdrive%\arts prgs

File Names:

Microsoft Toolkit.exe
TempMicrosoft.exe

Geography:

7.1%
6.2%
5.7%
5.2%
4.7%
4.3%
4.3%
3.3%
3.3%
3.3%
3.3%
2.8%
2.8%
2.8%
2.4%
2.4%
1.9%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.9%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%

OS Version:

Windows 10 66.1%
Windows 7 27.1%
Windows 8.1 5.5%
Windows Vista 0.5%
Windows 8 0.5%
Windows Server 2012 R2 0.5%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x0382351e

.NET Info:

MVID: 2dbee65c-6ad5-44b4-a06e-5e8998f62ec2
Typelib ID: cc1bcfce-90f4-4517-92e1-1eb1e5cedb78

PE Sections:

Name Size of data MD5
.text 58856960 6059f6059d71fbdc2e8036ff79a6bae6
.rsrc 374784 ff94c855a827c17eaab4b4efb685f98f
.reloc 512 985afaa44431643c7c602b209956eff3

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for TempMicrosoft.exe
copyright for information about TempMicrosoft.exe