Cron
/Play/GlasgowSmile/4-Post_Enumeration/attachments/{63B75C68-4F6C-4CE6-9B4B-D66A3207832D}.png)
/Play/GlasgowSmile/4-Post_Enumeration/attachments/{B65236D2-F396-42D8-82EA-7BB123E1C68F}.png)
PSPY has captured the root cronjob process that is executing the /home/penguin/SomeoneWhoHidesBehindAMask/.trash_old file every minute.
Now that the lateral movement to the penguin user has been made, the file can be overwritten to gain code execution leveraging the root cronjob, under the security context of the root account.
Moving onto the Privilege Escalation phase.