How to remove TempMicrosoft.exe

TempMicrosoft.exe

The module TempMicrosoft.exe has been detected as Trojan.Kryptik

TempMicrosoft.exe
Remove TempMicrosoft.exe

File Details

MD5: 16652c1f3744f03088bc34ffa6a19fd9
Size: 56 MB
First Published: 2017-08-17 14:06:42 (6 years ago)
Latest Published: 2023-03-30 23:20:59 (a year ago)
Status: Trojan.Kryptik (on last analysis)
Analysis Date: 2023-03-30 23:20:59 (a year ago)

Common Places:

%appdata%
%localappdata%
%desktop%\dokumentum\toolkit
%profile%\all activation windows (7-8-10) v10.8\all activation\activators
%profile%\all activation windows (7-8-10) v19.3 2018\all activation\activators
%sysdrive%\ms software october_2017
%profile%\downloads\activador win 7 enterprise office 2013.zip
%sysdrive%\usr1\office\offices 2010\microsoft.toolkit.v2.6.2-activador
%sysdrive%\google drive\share\- fast share\microsoft toolkit 2.6.2 official torrent
%sysdrive%\arts prgs

File Names:

Microsoft Toolkit.exe
TempMicrosoft.exe

Geography:

7.2%
6.3%
5.8%
4.8%
4.8%
4.3%
4.3%
3.4%
3.4%
3.4%
2.9%
2.9%
2.9%
2.4%
2.4%
1.9%
1.9%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.4%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
1.0%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%
0.5%

OS Version:

Windows 10 66.8%
Windows 7 26.2%
Windows 8.1 5.6%
Windows Vista 0.5%
Windows 8 0.5%
Windows Server 2012 R2 0.5%

Analysis

Subsystem: Windows GUI
PE Type: pe
OS Bitness: 32
Image Base: 0x00400000
Entry Address: 0x0382351e

.NET Info:

MVID: 2dbee65c-6ad5-44b4-a06e-5e8998f62ec2
Typelib ID: cc1bcfce-90f4-4517-92e1-1eb1e5cedb78

PE Sections:

Name Size of data MD5
.text 58856960 6059f6059d71fbdc2e8036ff79a6bae6
.rsrc 374784 ff94c855a827c17eaab4b4efb685f98f
.reloc 512 985afaa44431643c7c602b209956eff3

More information:

Search on Virustotal
Download GridinSoft Anti-Malware - Removal tool for TempMicrosoft.exe
copyright for information about TempMicrosoft.exe