Trojaner ? outgoing connection from /temp/ and random name like xkns2df3.tmp

[Guest Tmpoo]

Hello,

i have outgoing connections from a generic "sa7d21.tmp" file. It is located at windows/temp/.
The name of that .tmp is changing. 
I'am using training mode on eset. I have checked the whois Ip and it's pointed to cloudflare. (i will post the next ip and port)

So i'am using NordVpn and there is sometimes a combination, if i start nordvpn and a new .tmp file rule.

This is weird, it looks like nordvpn is spying on me but i cant find anything on google for that.

So this is for sure a trojaner/spyware or not ?

best regards

 

 

[Marcos 5,074]

You can upload such tmp file to https://www.virustotal.com to see if other AVs detect it.

If you would like us to analyze logs from your machine, please sign up first and re-post in the Malware finding and cleaning forum while enclosing logs collected with ESET Log Collector.