Jump to content

Trojaner ? outgoing connection from /temp/ and random name like xkns2df3.tmp


Recommended Posts

Posted

Hello,

i have outgoing connections from a generic "sa7d21.tmp" file. It is located at windows/temp/.
The name of that .tmp is changing. 
I'am using training mode on eset. I have checked the whois Ip and it's pointed to cloudflare. (i will post the next ip and port)

So i'am using NordVpn and there is sometimes a combination, if i start nordvpn and a new .tmp file rule.

This is weird, it looks like nordvpn is spying on me but i cant find anything on google for that.

So this is for sure a trojaner/spyware or not ?

best regards

 

 

  • Administrators
Posted

You can upload such tmp file to https://www.virustotal.com to see if other AVs detect it.

If you would like us to analyze logs from your machine, please sign up first and re-post in the Malware finding and cleaning forum while enclosing logs collected with ESET Log Collector.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...