This script runs immediately on load, uses Node.js core modules to execute shell commands (e.g., ls/dir, whoami, sudo -l, history, process lists), reads sensitive files (.bashrc, .env, /etc/passwd or Windows SAM, /etc/hosts, /proc/version), harvests all environment variables and process info, and fetches public IP details from https://ipapi[.]co/json. It then serializes a comprehensive JSON payload and exfiltrates it via HTTPS POST to the hardcoded domain https://d2jir5pdoh0514pqop007fmz11pp19m4a[.]insomnia1102[.]online. This constitutes an unauthorized backdoor/data-harvesting malware.