Congrats! Great job on finding that decryption key, now we can start to analyse the shellcode and figure out what happened. One issue though, we're having trouble figuring out where the traffic was going to. Can you tell us what the remote endpoint was? The flag should be in the format PCTF{IP:PORT}
VirusTotal can often help when figuring out what a piece of shellcode belongs to.