TLDR: I can’t say for 100% sure, but there are multiple reasons to believe that this is malware.

Long version: I’m seeing multiple suspicious things here.

• The IPs being connected to are part of some hoster and have some abuse reports: https://www.abuseipdb.com/check-block/217.20.58.98/29

• The domain being resolved is qcloud[.]com, which belongs to Tencent Cloud and definitely not Microsoft.

• Other domains in memory like counter-strike[.]com[.]ua are very new and definitely sound fishy.

• A standalone version of 7zip is being run and extracts the created rar file with the password “infected”. Real alarm bells here.

• A lot of the registry actions look like anti-debugging, which does not sound like something an Illustrator Plugin would do.

Sure thing, the reasons that are most important for me personally are better multi-attach, easier splitting and resize, better plugin ecosystem and it being more modern and actively maintained in general.

I much prefer tmux over screen.

Take a look into borg backup.

Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn’t get the attention it “deserved”.

This link should be working.

Quoting from the OP tweet:

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I’ve spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can’t accept that their code is crap - responsible disclosure: no more.

Are you passing CloudFlare captchas with that? I’m using a VPN and whenever I hit a CloudFlare captcha with a modified user agent, it doesn’t let me pass.