Suspicious process running under user - warnings found

Jeromero

Active Member
Aug 6, 2019
25
3
3
Johannesburg , South Africa
cPanel Access Level
Website Owner
I have enabled notifications on my WHM and I get these "Suspicious process running under user " warnings for a few of different accounts.
One is:


Time: Fri Jul 17 12:52:53 2020 +0200
PID: 3626 (Parent PID:9738)
Account: d********
Uptime: 238 seconds


Executable:

/usr/local/cpanel/3rdparty/perl/530/bin/perl


Command Line (often faked in exploits):

spamd child


Network connections by the process (if any):

tcp: 127.0.0.1:783 -> 127.0.0.1:59634


Files open by the process (if any):

/dev/null
/usr/local/cpanel/logs/spamd_error_log
/usr/local/cpanel/logs/spamd_error_log
/usr/local/cpanel/3rdparty/perl/530/bin/spamd
/var/cpanel/locale/en.cdb
/tmp/.spamassassin3626Xzifh9tmp
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/Net/DNS/Resolver/Base.pm


Memory maps by the process (if any):

00400000-00402000 r-xp 00000000 fd:00 52826976
/usr/local/cpanel/3rdparty/perl/530/bin/perl
00601000-00602000 r--p 00001000 fd:00 52826976
/usr/local/cpanel/3rdparty/perl/530/bin/perl
00602000-00603000 rw-p 00002000 fd:00 52826976
/usr/local/cpanel/3rdparty/perl/530/bin/perl
008e2000-07a2f000 rw-p 00000000 00:00 0
[heap]
07a2f000-08573000 rw-p 00000000 00:00 0
[heap]
2b822ec72000-2b822ec94000 r-xp 00000000 fd:00 39060026
/usr/lib64/ld-2.17.so
2b822ec94000-2b822ec95000 rw-p 00000000 00:00 0
2b822eca2000-2b822eca8000 rw-p 00000000 00:00 0
2b822eca8000-2b822ee60000 r--s 00000000 fd:00 24903850
/var/db/nscd/hosts
2b822ee93000-2b822ee94000 r--p 00021000 fd:00 39060026
/usr/lib64/ld-2.17.so
2b822ee94000-2b822ee95000 rw-p 00022000 fd:00 39060026
/usr/lib64/ld-2.17.so
2b822ee95000-2b822ee96000 rw-p 00000000 00:00 0
2b822ee96000-2b822f167000 r-xp 00000000 fd:00 53087186
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/CORE/libperl.so
2b822f167000-2b822f367000 ---p 002d1000 fd:00 53087186
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/CORE/libperl.so
2b822f367000-2b822f376000 r--p 002d1000 fd:00 53087186
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/CORE/libperl.so
2b822f376000-2b822f37a000 rw-p 002e0000 fd:00 53087186
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/CORE/libperl.so
2b822f37a000-2b822f381000 rw-p 00000000 00:00 0
2b822f381000-2b822f398000 r-xp 00000000 fd:00 39060059
/usr/lib64/libpthread-2.17.so
2b822f398000-2b822f597000 ---p 00017000 fd:00 39060059
/usr/lib64/libpthread-2.17.so
2b822f597000-2b822f598000 r--p 00016000 fd:00 39060059
/usr/lib64/libpthread-2.17.so
2b822f598000-2b822f599000 rw-p 00017000 fd:00 39060059
/usr/lib64/libpthread-2.17.so
2b822f599000-2b822f59d000 rw-p 00000000 00:00 0
2b822f59d000-2b822f5b4000 r-xp 00000000 fd:00 39062086
/usr/lib64/libnsl-2.17.so
2b822f5b4000-2b822f7b3000 ---p 00017000 fd:00 39062086
/usr/lib64/libnsl-2.17.so
2b822f7b3000-2b822f7b4000 r--p 00016000 fd:00 39062086
/usr/lib64/libnsl-2.17.so
2b822f7b4000-2b822f7b5000 rw-p 00017000 fd:00 39062086
/usr/lib64/libnsl-2.17.so
2b822f7b5000-2b822f7b7000 rw-p 00000000 00:00 0
2b822f7b7000-2b822f7b9000 r-xp 00000000 fd:00 39062084
/usr/lib64/libdl-2.17.so
2b822f7b9000-2b822f9b9000 ---p 00002000 fd:00 39062084
/usr/lib64/libdl-2.17.so
2b822f9b9000-2b822f9ba000 r--p 00002000 fd:00 39062084
/usr/lib64/libdl-2.17.so
2b822f9ba000-2b822f9bb000 rw-p 00003000 fd:00 39062084
/usr/lib64/libdl-2.17.so
2b822f9bb000-2b822fabc000 r-xp 00000000 fd:00 39062085
/usr/lib64/libm-2.17.so
2b822fabc000-2b822fcbb000 ---p 00101000 fd:00 39062085
/usr/lib64/libm-2.17.so
2b822fcbb000-2b822fcbc000 r--p 00100000 fd:00 39062085
/usr/lib64/libm-2.17.so
2b822fcbc000-2b822fcbd000 rw-p 00101000 fd:00 39062085
/usr/lib64/libm-2.17.so
2b822fcbd000-2b822fcc5000 r-xp 00000000 fd:00 39060037
/usr/lib64/libcrypt-2.17.so
2b822fcc5000-2b822fec4000 ---p 00008000 fd:00 39060037
/usr/lib64/libcrypt-2.17.so
2b822fec4000-2b822fec5000 r--p 00007000 fd:00 39060037
/usr/lib64/libcrypt-2.17.so
2b822fec5000-2b822fec6000 rw-p 00008000 fd:00 39060037
/usr/lib64/libcrypt-2.17.so
2b822fec6000-2b822fef4000 rw-p 00000000 00:00 0
2b822fef4000-2b822fef6000 r-xp 00000000 fd:00 39060067
/usr/lib64/libutil-2.17.so
2b822fef6000-2b82300f5000 ---p 00002000 fd:00 39060067
/usr/lib64/libutil-2.17.so
2b82300f5000-2b82300f6000 r--p 00001000 fd:00 39060067
/usr/lib64/libutil-2.17.so
2b82300f6000-2b82300f7000 rw-p 00002000 fd:00 39060067
/usr/lib64/libutil-2.17.so
2b82300f7000-2b82302ba000 r-xp 00000000 fd:00 39060033
/usr/lib64/libc-2.17.so
2b82302ba000-2b82304ba000 ---p 001c3000 fd:00 39060033
/usr/lib64/libc-2.17.so
2b82304ba000-2b82304be000 r--p 001c3000 fd:00 39060033
/usr/lib64/libc-2.17.so
2b82304be000-2b82304c0000 rw-p 001c7000 fd:00 39060033
/usr/lib64/libc-2.17.so
2b82304c0000-2b82304c5000 rw-p 00000000 00:00 0
2b82304c5000-2b82304c7000 r-xp 00000000 fd:00 39059993
/usr/lib64/libfreebl3.so
2b82304c7000-2b82306c6000 ---p 00002000 fd:00 39059993
/usr/lib64/libfreebl3.so
2b82306c6000-2b82306c7000 r--p 00001000 fd:00 39059993
/usr/lib64/libfreebl3.so
2b82306c7000-2b82306c8000 rw-p 00002000 fd:00 39059993
/usr/lib64/libfreebl3.so
2b82306c8000-2b8230738000 r-xp 00000000 fd:00 53087389
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/re/re.so
2b8230738000-2b8230937000 ---p 00070000 fd:00 53087389
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/re/re.so
2b8230937000-2b8230938000 r--p 0006f000 fd:00 53087389
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/re/re.so
2b8230938000-2b8230939000 rw-p 00070000 fd:00 53087389
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/re/re.so
2b8230939000-2b823093d000 r-xp 00000000 fd:00 53087365
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/IO/IO.so
2b823093d000-2b8230b3c000 ---p 00004000 fd:00 53087365
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/IO/IO.so
2b8230b3c000-2b8230b3d000 r--p 00003000 fd:00 53087365
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/IO/IO.so
2b8230b3d000-2b8230b3e000 rw-p 00004000 fd:00 53087365
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/IO/IO.so
2b8230b3e000-2b8230b46000 r-xp 00000000 fd:00 53087378
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Socket/Socket.so
2b8230b46000-2b8230d46000 ---p 00008000 fd:00 53087378
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Socket/Socket.so
2b8230d46000-2b8230d48000 r--p 00008000 fd:00 53087378
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Socket/Socket.so
2b8230d48000-2b8230d49000 rw-p 0000a000 fd:00 53087378
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Socket/Socket.so
2b8230d49000-2b8230d4d000 r-xp 00000000 fd:00 52955286
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
2b8230d4d000-2b8230f4c000 ---p 00004000 fd:00 52955286
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
2b8230f4c000-2b8230f4d000 r--p 00003000 fd:00 52955286
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
2b8230f4d000-2b8230f4e000 rw-p 00004000 fd:00 52955286
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Socket6/Socket6.so
2b8230f4e000-2b8230f5a000 r-xp 00000000 fd:00 39062088
/usr/lib64/libnss_files-2.17.so
2b8230f5a000-2b8231159000 ---p 0000c000 fd:00 39062088
/usr/lib64/libnss_files-2.17.so
2b8231159000-2b823115a000 r--p 0000b000 fd:00 39062088
/usr/lib64/libnss_files-2.17.so
2b823115a000-2b823115b000 rw-p 0000c000 fd:00 39062088
/usr/lib64/libnss_files-2.17.so
2b823115b000-2b8231161000 rw-p 00000000 00:00 0
2b8231161000-2b8231164000 r-xp 00000000 fd:00 53087357
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Fcntl/Fcntl.so
2b8231164000-2b8231364000 ---p 00003000 fd:00 53087357
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Fcntl/Fcntl.so
2b8231364000-2b8231365000 r--p 00003000 fd:00 53087357
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Fcntl/Fcntl.so
2b8231365000-2b8231366000 rw-p 00004000 fd:00 53087357
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Fcntl/Fcntl.so
2b8231366000-2b823136c000 r-xp 00000000 fd:00 53087383
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
2b823136c000-2b823156b000 ---p 00006000 fd:00 53087383
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
2b823156b000-2b823156c000 r--p 00005000 fd:00 53087383
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
2b823156c000-2b823156d000 rw-p 00006000 fd:00 53087383
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Time/HiRes/HiRes.so
2b823156d000-2b8231574000 r-xp 00000000 fd:00 39062091
/usr/lib64/librt-2.17.so
2b8231574000-2b8231773000 ---p 00007000 fd:00 39062091
/usr/lib64/librt-2.17.so
2b8231773000-2b8231774000 r--p 00006000 fd:00 39062091
/usr/lib64/librt-2.17.so
2b8231774000-2b8231775000 rw-p 00007000 fd:00 39062091
/usr/lib64/librt-2.17.so
2b8231775000-2b823178a000 r-xp 00000000 fd:00 53087372
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/POSIX/POSIX.so
2b823178a000-2b8231989000 ---p 00015000 fd:00 53087372
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/POSIX/POSIX.so
2b8231989000-2b823198c000 r--p 00014000 fd:00 53087372
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/POSIX/POSIX.so
2b823198c000-2b823198d000 rw-p 00017000 fd:00 53087372
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/POSIX/POSIX.so
2b823198d000-2b8231991000 r-xp 00000000 fd:00 52954426
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
2b8231991000-2b8231b91000 ---p 00004000 fd:00 52954426
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
2b8231b91000-2b8231b92000 r--p 00004000 fd:00 52954426
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
2b8231b92000-2b8231b93000 rw-p 00005000 fd:00 52954426
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/NetAddr/IP/Util/Util.so
2b8231b93000-2b8231b96000 r-xp 00000000 fd:00 52826325
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
2b8231b96000-2b8231d95000 ---p 00003000 fd:00 52826325
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
2b8231d95000-2b8231d96000 r--p 00002000 fd:00 52826325
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
2b8231d96000-2b8231d97000 rw-p 00003000 fd:00 52826325
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Cwd/Cwd.so
2b8231d97000-2b8231d98000 r-xp 00000000 fd:00 53089097
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Hostname/Hostname.so
2b8231d98000-2b8231f97000 ---p 00001000 fd:00 53089097
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Hostname/Hostname.so
2b8231f97000-2b8231f98000 r--p 00000000 fd:00 53089097
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Hostname/Hostname.so
2b8231f98000-2b8231f99000 rw-p 00001000 fd:00 53089097
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Hostname/Hostname.so
2b8231f99000-2b8231f9c000 r-xp 00000000 fd:00 53089093
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/MIME/Base64/Base64.so
2b8231f9c000-2b823219b000 ---p 00003000 fd:00 53089093
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/MIME/Base64/Base64.so
2b823219b000-2b823219c000 r--p 00002000 fd:00 53089093
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/MIME/Base64/Base64.so
2b823219c000-2b823219d000 rw-p 00003000 fd:00 53089093
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/MIME/Base64/Base64.so
2b823219d000-2b82321a2000 r-xp 00000000 fd:00 53087359
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/File/Glob/Glob.so
2b82321a2000-2b82323a1000 ---p 00005000 fd:00 53087359
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/File/Glob/Glob.so
2b82323a1000-2b82323a2000 r--p 00004000 fd:00 53087359
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/File/Glob/Glob.so
2b82323a2000-2b82323a3000 rw-p 00005000 fd:00 53087359
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/File/Glob/Glob.so
2b82323a3000-2b82323ac000 r-xp 00000000 fd:00 53089088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Digest/SHA/SHA.so
2b82323ac000-2b82325ab000 ---p 00009000 fd:00 53089088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Digest/SHA/SHA.so
2b82325ab000-2b82325ac000 r--p 00008000 fd:00 53089088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Digest/SHA/SHA.so
2b82325ac000-2b82325ad000 rw-p 00009000 fd:00 53089088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Digest/SHA/SHA.so
2b82325ad000-2b82325b6000 r-xp 00000000 fd:00 52954281
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
2b82325b6000-2b82327b6000 ---p 00009000 fd:00 52954281
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
2b82327b6000-2b82327b7000 r--p 00009000 fd:00 52954281
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
2b82327b7000-2b82327b8000 rw-p 0000a000 fd:00 52954281
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/HTML/Parser/Parser.so
2b82327b8000-2b82327c1000 r-xp 00000000 fd:00 52826379
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
2b82327c1000-2b82329c0000 ---p 00009000 fd:00 52826379
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
2b82329c0000-2b82329c1000 r--p 00008000 fd:00 52826379
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
2b82329c1000-2b82329c2000 rw-p 00009000 fd:00 52826379
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Encode.so
2b82329c2000-2b82329db000 r-xp 00000000 fd:00 53084452
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Detect/Detector/Detector.so
2b82329db000-2b8232bdb000 ---p 00019000 fd:00 53084452
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Detect/Detector/Detector.so
2b8232bdb000-2b8232bdc000 r--p 00019000 fd:00 53084452
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Detect/Detector/Detector.so
2b8232bdc000-2b8232be6000 rw-p 0001a000 fd:00 53084452
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Encode/Detect/Detector/Detector.so
2b8232be6000-2b8232ccf000 r-xp 00000000 fd:00 39060082
/usr/lib64/libstdc++.so.6.0.19
2b8232ccf000-2b8232ece000 ---p 000e9000 fd:00 39060082
/usr/lib64/libstdc++.so.6.0.19
2b8232ece000-2b8232ed6000 r--p 000e8000 fd:00 39060082
/usr/lib64/libstdc++.so.6.0.19
2b8232ed6000-2b8232ed8000 rw-p 000f0000 fd:00 39060082
/usr/lib64/libstdc++.so.6.0.19
2b8232ed8000-2b8232eed000 rw-p 00000000 00:00 0
2b8232eed000-2b8232f02000 r-xp 00000000 fd:00 39061186
/usr/lib64/libgcc_s-4.8.5-20150702.so.1
2b8232f02000-2b8233101000 ---p 00015000 fd:00 39061186
/usr/lib64/libgcc_s-4.8.5-20150702.so.1
2b8233101000-2b8233102000 r--p 00014000 fd:00 39061186
/usr/lib64/libgcc_s-4.8.5-20150702.so.1
2b8233102000-2b8233103000 rw-p 00015000 fd:00 39061186
/usr/lib64/libgcc_s-4.8.5-20150702.so.1
2b8233103000-2b823310d000 r-xp 00000000 fd:00 53087367
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/List/Util/Util.so
2b823310d000-2b823330c000 ---p 0000a000 fd:00 53087367
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/List/Util/Util.so
2b823330c000-2b823330d000 r--p 00009000 fd:00 53087367
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/List/Util/Util.so
2b823330d000-2b823330e000 rw-p 0000a000 fd:00 53087367
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/List/Util/Util.so
2b823330e000-2b8233311000 r-xp 00000000 fd:00 53089098
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
2b8233311000-2b8233510000 ---p 00003000 fd:00 53089098
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
2b8233510000-2b8233511000 r--p 00002000 fd:00 53089098
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
2b8233511000-2b8233512000 rw-p 00003000 fd:00 53089098
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Sys/Syslog/Syslog.so
2b8233512000-2b8233547000 r--s 00000000 fd:00 24903832
/var/db/nscd/passwd
2b8233547000-2b823354b000 r-xp 00000000 fd:00 52826461
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
2b823354b000-2b823374a000 ---p 00004000 fd:00 52826461
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
2b823374a000-2b823374b000 r--p 00003000 fd:00 52826461
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
2b823374b000-2b823374c000 rw-p 00004000 fd:00 52826461
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Digest/SHA1/SHA1.so
2b823374c000-2b8233753000 r-xp 00000000 fd:00 53089086
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
2b8233753000-2b8233952000 ---p 00007000 fd:00 53089086
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
2b8233952000-2b8233953000 r--p 00006000 fd:00 53089086
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
2b8233953000-2b8233954000 rw-p 00007000 fd:00 53089086
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/Data/Dumper/Dumper.so
2b8233954000-2b8233958000 r-xp 00000000 fd:00 53084573
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
2b8233958000-2b8233b57000 ---p 00004000 fd:00 53084573
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
2b8233b57000-2b8233b58000 r--p 00003000 fd:00 53084573
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
2b8233b58000-2b8233b59000 rw-p 00004000 fd:00 53084573
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Razor2/Preproc/deHTMLxs/deHTMLxs.so
2b8233b59000-2b8233bbb000 r-xp 00000000 fd:00 52954088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/SSLeay/SSLeay.so
2b8233bbb000-2b8233dba000 ---p 00062000 fd:00 52954088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/SSLeay/SSLeay.so
2b8233dba000-2b8233dbb000 r--p 00061000 fd:00 52954088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/SSLeay/SSLeay.so
2b8233dbb000-2b8233dbd000 rw-p 00062000 fd:00 52954088
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Net/SSLeay/SSLeay.so
2b8233dbd000-2b8233e24000 r-xp 00000000 fd:00 39060742
/usr/lib64/libssl.so.1.0.2k
2b8233e24000-2b8234024000 ---p 00067000 fd:00 39060742
/usr/lib64/libssl.so.1.0.2k
2b8234024000-2b8234028000 r--p 00067000 fd:00 39060742
/usr/lib64/libssl.so.1.0.2k
2b8234028000-2b823402f000 rw-p 0006b000 fd:00 39060742
/usr/lib64/libssl.so.1.0.2k
2b823402f000-2b8234265000 r-xp 00000000 fd:00 39060740
/usr/lib64/libcrypto.so.1.0.2k
2b8234265000-2b8234465000 ---p 00236000 fd:00 39060740
/usr/lib64/libcrypto.so.1.0.2k
2b8234465000-2b8234481000 r--p 00236000 fd:00 39060740
/usr/lib64/libcrypto.so.1.0.2k
2b8234481000-2b823448e000 rw-p 00252000 fd:00 39060740
/usr/lib64/libcrypto.so.1.0.2k
2b823448e000-2b8234492000 rw-p 00000000 00:00 0
2b8234492000-2b82344a7000 r-xp 00000000 fd:00 39060152
/usr/lib64/libz.so.1.2.7
2b82344a7000-2b82346a6000 ---p 00015000 fd:00 39060152
/usr/lib64/libz.so.1.2.7
2b82346a6000-2b82346a7000 r--p 00014000 fd:00 39060152
/usr/lib64/libz.so.1.2.7
2b82346a7000-2b82346a8000 rw-p 00015000 fd:00 39060152
/usr/lib64/libz.so.1.2.7
2b82346a8000-2b82346f2000 r-xp 00000000 fd:00 39060159
/usr/lib64/libgssapi_krb5.so.2.2
2b82346f2000-2b82348f2000 ---p 0004a000 fd:00 39060159
/usr/lib64/libgssapi_krb5.so.2.2
2b82348f2000-2b82348f3000 r--p 0004a000 fd:00 39060159
/usr/lib64/libgssapi_krb5.so.2.2
2b82348f3000-2b82348f5000 rw-p 0004b000 fd:00 39060159
/usr/lib64/libgssapi_krb5.so.2.2
2b82348f5000-2b82349ce000 r-xp 00000000 fd:00 39060731
/usr/lib64/libkrb5.so.3.3
2b82349ce000-2b8234bcd000 ---p 000d9000 fd:00 39060731
/usr/lib64/libkrb5.so.3.3
2b8234bcd000-2b8234bdb000 r--p 000d8000 fd:00 39060731
/usr/lib64/libkrb5.so.3.3
2b8234bdb000-2b8234bde000 rw-p 000e6000 fd:00 39060731
/usr/lib64/libkrb5.so.3.3
2b8234bde000-2b8234be1000 r-xp 00000000 fd:00 39060163
/usr/lib64/libcom_err.so.2.1
2b8234be1000-2b8234de0000 ---p 00003000 fd:00 39060163
/usr/lib64/libcom_err.so.2.1
2b8234de0000-2b8234de1000 r--p 00002000 fd:00 39060163
/usr/lib64/libcom_err.so.2.1
2b8234de1000-2b8234de2000 rw-p 00003000 fd:00 39060163
/usr/lib64/libcom_err.so.2.1
2b8234de2000-2b8234e13000 r-xp 00000000 fd:00 39060721
/usr/lib64/libk5crypto.so.3.1
2b8234e13000-2b8235012000 ---p 00031000 fd:00 39060721
/usr/lib64/libk5crypto.so.3.1
2b8235012000-2b8235014000 r--p 00030000 fd:00 39060721
/usr/lib64/libk5crypto.so.3.1
2b8235014000-2b8235015000 rw-p 00032000 fd:00 39060721
/usr/lib64/libk5crypto.so.3.1
2b8235015000-2b8235023000 r-xp 00000000 fd:00 39062492
/usr/lib64/libkrb5support.so.0.1
2b8235023000-2b8235223000 ---p 0000e000 fd:00 39062492
/usr/lib64/libkrb5support.so.0.1
2b8235223000-2b8235224000 r--p 0000e000 fd:00 39062492
/usr/lib64/libkrb5support.so.0.1
2b8235224000-2b8235225000 rw-p 0000f000 fd:00 39062492
/usr/lib64/libkrb5support.so.0.1
2b8235225000-2b8235228000 r-xp 00000000 fd:00 39060513
/usr/lib64/libkeyutils.so.1.5
2b8235228000-2b8235427000 ---p 00003000 fd:00 39060513
/usr/lib64/libkeyutils.so.1.5
2b8235427000-2b8235428000 r--p 00002000 fd:00 39060513
/usr/lib64/libkeyutils.so.1.5
2b8235428000-2b8235429000 rw-p 00003000 fd:00 39060513
/usr/lib64/libkeyutils.so.1.5
2b8235429000-2b823543f000 r-xp 00000000 fd:00 39062090
/usr/lib64/libresolv-2.17.so
2b823543f000-2b823563f000 ---p 00016000 fd:00 39062090
/usr/lib64/libresolv-2.17.so
2b823563f000-2b8235640000 r--p 00016000 fd:00 39062090
/usr/lib64/libresolv-2.17.so
2b8235640000-2b8235641000 rw-p 00017000 fd:00 39062090
/usr/lib64/libresolv-2.17.so
2b8235641000-2b8235643000 rw-p 00000000 00:00 0
2b8235643000-2b8235667000 r-xp 00000000 fd:00 39060078
/usr/lib64/libselinux.so.1
2b8235667000-2b8235866000 ---p 00024000 fd:00 39060078
/usr/lib64/libselinux.so.1
2b8235866000-2b8235867000 r--p 00023000 fd:00 39060078
/usr/lib64/libselinux.so.1
2b8235867000-2b8235868000 rw-p 00024000 fd:00 39060078
/usr/lib64/libselinux.so.1
2b8235868000-2b823586a000 rw-p 00000000 00:00 0
2b823586a000-2b82358ca000 r-xp 00000000 fd:00 39060140
/usr/lib64/libpcre.so.1.2.0
2b82358ca000-2b8235aca000 ---p 00060000 fd:00 39060140
/usr/lib64/libpcre.so.1.2.0
2b8235aca000-2b8235acb000 r--p 00060000 fd:00 39060140
/usr/lib64/libpcre.so.1.2.0
2b8235acb000-2b8235acc000 rw-p 00061000 fd:00 39060140
/usr/lib64/libpcre.so.1.2.0
2b8235acc000-2b8235b4d000 rw-p 00000000 00:00 0
2b8235b4d000-2b8235b50000 r-xp 00000000 fd:00 53084649
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
2b8235b50000-2b8235d50000 ---p 00003000 fd:00 53084649
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
2b8235d50000-2b8235d51000 r--p 00003000 fd:00 53084649
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
2b8235d51000-2b8235d52000 rw-p 00004000 fd:00 53084649
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/BSD/Resource/Resource.so
2b8235d52000-2b8235e8e000 r-xp 00000000 fd:00 25299148
/var/lib/spamassassin/compiled/5.030/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
2b8235e8e000-2b823608d000 ---p 0013c000 fd:00 25299148
/var/lib/spamassassin/compiled/5.030/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
2b823608d000-2b823608e000 r--p 0013b000 fd:00 25299148
/var/lib/spamassassin/compiled/5.030/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
2b823608e000-2b823608f000 rw-p 0013c000 fd:00 25299148
/var/lib/spamassassin/compiled/5.030/3.004004/auto/Mail/SpamAssassin/CompiledRegexps/body_0/body_0.so
2b823608f000-2b8236099000 r-xp 00000000 fd:00 53087343
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/DB_File/DB_File.so
2b8236099000-2b8236298000 ---p 0000a000 fd:00 53087343
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/DB_File/DB_File.so
2b8236298000-2b8236299000 r--p 00009000 fd:00 53087343
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/DB_File/DB_File.so
2b8236299000-2b823629a000 rw-p 0000a000 fd:00 53087343
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/5.30.0/x86_64-linux-64int/auto/DB_File/DB_File.so
2b823629a000-2b823644f000 r-xp 00000000 fd:00 39062398
/usr/lib64/libdb-5.3.so
2b823644f000-2b823664f000 ---p 001b5000 fd:00 39062398
/usr/lib64/libdb-5.3.so
2b823664f000-2b8236656000 r--p 001b5000 fd:00 39062398
/usr/lib64/libdb-5.3.so
2b8236656000-2b8236659000 rw-p 001bc000 fd:00 39062398
/usr/lib64/libdb-5.3.so
2b8236659000-2b8236661000 r-xp 00000000 fd:00 53085471
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
2b8236661000-2b8236860000 ---p 00008000 fd:00 53085471
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
2b8236860000-2b8236861000 r--p 00007000 fd:00 53085471
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
2b8236861000-2b8236862000 rw-p 00008000 fd:00 53085471
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/Bignum/Bignum.so
2b8236862000-2b8236869000 r-xp 00000000 fd:00 52958067
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
2b8236869000-2b8236a68000 ---p 00007000 fd:00 52958067
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
2b8236a68000-2b8236a69000 r--p 00006000 fd:00 52958067
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
2b8236a69000-2b8236a6a000 rw-p 00007000 fd:00 52958067
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/Crypt/OpenSSL/RSA/RSA.so
2b8236a6a000-2b8236a72000 r-xp 00000000 fd:00 39063160
/usr/lib64/libnss_sss.so.2
2b8236a72000-2b8236c71000 ---p 00008000 fd:00 39063160
/usr/lib64/libnss_sss.so.2
2b8236c71000-2b8236c72000 r--p 00007000 fd:00 39063160
/usr/lib64/libnss_sss.so.2
2b8236c72000-2b8236c73000 rw-p 00008000 fd:00 39063160
/usr/lib64/libnss_sss.so.2
2b8236c73000-2b8236c78000 r-xp 00000000 fd:00 53085047
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/CDB_File/CDB_File.so
2b8236c78000-2b8236e77000 ---p 00005000 fd:00 53085047
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/CDB_File/CDB_File.so
2b8236e77000-2b8236e78000 r--p 00004000 fd:00 53085047
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/CDB_File/CDB_File.so
2b8236e78000-2b8236e79000 rw-p 00005000 fd:00 53085047
/usr/local/cpanel/3rdparty/perl/530/lib/perl5/cpanel_lib/x86_64-linux-64int/auto/CDB_File/CDB_File.so
2b8236e79000-2b823714f000 r--s 00000000 fd:00 24907809
/var/cpanel/locale/en.cdb
7ffe269ed000-7ffe26a0e000 rw-p 00000000 00:00 0
[stack]
7ffe26baa000-7ffe26bac000 r-xp 00000000 00:00 0
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]

Does this look malicious?