Jump to content

Trojaner ? outgoing connection from /temp/ and random name like xkns2df3.tmp

Recommended Posts


i have outgoing connections from a generic "sa7d21.tmp" file. It is located at windows/temp/.
The name of that .tmp is changing. 
I'am using training mode on eset. I have checked the whois Ip and it's pointed to cloudflare. (i will post the next ip and port)

So i'am using NordVpn and there is sometimes a combination, if i start nordvpn and a new .tmp file rule.

This is weird, it looks like nordvpn is spying on me but i cant find anything on google for that.

So this is for sure a trojaner/spyware or not ?

best regards



Link to comment
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...