Hi @hari123 
To help track down where the juma process is being called/executed from, you can use top -c to see the full command that juma process is using and
lsof lsof(8) - Linux manual page
lsof -c juma
This will list all files the juma process has opened.
As it appears, your server has been compromised, you might find the suggestions here helpful: CVE-2021-22205: How to determine if a self-managed instance has been impacted - #19 by gitlab-greg