I was cleaning out a client's site that got hacked after I had cleaned it once already, when I found a cron job pointing to a script in the server /tmp director
sudo
autoloader
assistive-technology
glsl
sentinel2
macvim
pyscipopt
uidocumentpickerviewcontroller
odoo-server
relaxng-compact
sqoop
nestjs-graphql
abrt
azure-information-protection
memmap
huobi
memory-segmentation
google-directory-api
scalac
sinopia
dllhost
openmaptiles
storage
facebook-access-token
spark-dotnet
rootkit
uvicorn
contentview
pcre
fenwick-tree
