Guest Tmpoo, posted January 18, 2023

Hello, I have outgoing connections from a generic "sa7d21.tmp" file. It is located at windows/temp/. The name of that .tmp is changing. I'm using training mode on ESET. I have checked the WHOIS of the IP and it points to Cloudflare. (I will post the next IP and port.) So I'm using NordVPN, and there is sometimes a combination of me starting NordVPN and a new .tmp file rule. This is weird; it looks like NordVPN is spying on me, but I can't find anything on Google about that. So is this for sure a trojan/spyware or not? Best regards

Marcos (Administrators), posted January 18, 2023

You can upload such a tmp file to https://www.virustotal.com to see if other AVs detect it. If you would like us to analyze logs from your machine, please sign up first and re-post in the Malware finding and cleaning forum while enclosing logs collected with ESET Log Collector.
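
An added example, not part of either post and not ESET's tooling: one way to see which .tmp image currently holds an outgoing TCP connection, which process launched it, who signed it, and its SHA-256. It assumes an elevated PowerShell session and the C:\Windows\Temp\*.tmp location described in the question; it covers TCP only.

```powershell
# Added triage example (not from the thread). Run in an elevated PowerShell.
# Assumption: the suspect image matches *.tmp under %SystemRoot%\Temp, as in the question.
$pattern = Join-Path $env:SystemRoot 'Temp\*.tmp'

# Index all processes once so owner and parent can be resolved by PID.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        # Skip connections whose owner has no readable image path or is not a Temp\*.tmp file.
        if (-not $p -or -not $p.ExecutablePath) { return }
        if ($p.ExecutablePath -notlike $pattern) { return }

        # Resolve the parent. PIDs are reused, so a "parent" that started
        # after the child is a different process and is discarded.
        $parent = $procs[[int]$p.ParentProcessId]
        if ($parent -and $parent.CreationDate -gt $p.CreationDate) { $parent = $null }

        $sig  = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath
        $hash = Get-FileHash -LiteralPath $p.ExecutablePath -Algorithm SHA256

        [pscustomobject]@{
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            ProcessId = $p.ProcessId
            Image     = $p.ExecutablePath
            Started   = $p.CreationDate
            Parent    = if ($parent) { $parent.ExecutablePath } else { '(exited or unknown)' }
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            SigStatus = $sig.Status
            SHA256    = $hash.Hash
        }
    } |
    Sort-Object ProcessId, Remote -Unique |
    Format-List
```

The SHA256 value can be searched on https://www.virustotal.com before uploading the file itself, and the Parent and Signer fields show whether the .tmp image was started by, and signed for, the software it appears alongside.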