I was cleaning out a client's site that got hacked after I had cleaned it once already, when I found a cron job pointing to a script in the server /tmp director
rcpparmadillo
expo
unity-remote
react-bootstrap4-modal
state-monad
gcc-plugins
toolkit
opencv4nodejs
avfoundation
data-manipulation
smart-pointers
hibernate-5.x
streamingmarkupbuilder
symfony-3.1
listcellrenderer
maskedtextbox
handlebarshelper
form-layout
vnc-viewer
bootstrap5-modal
avr
window-resize
quake2
htmllint
jni4net
evdev
masstransit
bunit
e2e-encryption
app-transport-security
