Well I am still blind as a bat I guess. I dumped the contents of the thing from outer space (and also I copied everything I had read access to my local machine… basically rsyncing the “whole” machine… still working on a way to remove everything from that ton of files/folders that is native / unmodified to the real OS and sifting through the remaining stuff), found the counterparts to the files found somewhere else but the counterparts are encrypted. I can’t seem to find the place where I should get the passphrase from… again I definitely don’t want to try and throw wordlists at the files… which would be a last resort. There are files in /tmp I tried reading but from what I say they got created while getting the initial foothold when sending transactions. So far this machine has been my Kryptonite. The only thing I could imagine would be using some sort of “ID” to get data from the two services but then again: The one service apparently has only the first block with nothing of value in it and the other one only has stuff which is related to my own activities. I also found something listening on UDP on a particular port but I think it’s related to the outer space thingy… which would mean that anything I could find on that port would somehow also be present in the files.