[Day 19] Memory forensics CrypTOYminers Sing Volala-lala-latility
What is the exposed password that we find from the bash history output? What is the PID of the miner process that we find? What is the MD5 hash of the miner process? What is the MD5 hash of the mysqlserver process? Use the command strings extracted/miner.<PID from question 2>.0x400000 | grep http://. What is the suspicious URL? (Fully defang the URL