Last active
June 21, 2020 19:43
-
-
Save alastairparagas/2b2267c3f50fda04309d1e9f596097f7 to your computer and use it in GitHub Desktop.
Set to 0.05% volatility
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ 3671.330080] Anomaly Detection (Kernel Hook) - Alastair Paragas | |
| [ 3671.334482] Syscall table address: 000000009c24251c | |
| [ 3671.334484] sizeof(unsigned long long *): 8 | |
| [ 3671.334484] sizeof(sys_call_table) : 8 | |
| [ 3681.637345] Execve: /usr/bin/sudo, ./target | |
| [ 3681.647421] Execve: ./target, rJgVdaRJqFc7fiCE7Q6M | |
| [ 3689.614274] Execve: /usr/bin/sudo, ./target | |
| [ 3689.624160] Execve: ./target, DR8wEkyRevYXlZMWvmvg | |
| [ 3697.999832] Execve: /usr/bin/sudo, ./target | |
| [ 3698.007720] Execve: ./target, ZeFeXLPHJNzfEwFBrhiW | |
| [ 3702.385209] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: rename syscall, 5 misses | |
| [ 3702.386056] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: write syscall, 4 misses | |
| [ 3702.387714] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: read syscall, 3 misses | |
| [ 3702.387743] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: openat syscall, 3 misses | |
| [ 3702.387837] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: clone syscall, 4 misses | |
| [ 3702.387877] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: read syscall, 3 misses | |
| [ 3702.387886] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: openat syscall, 5 misses | |
| [ 3702.387916] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: exit syscall, 3 misses | |
| [ 3702.387953] [+] Anomaly found: ZeFeXLPHJNzfEwFBrhiW: clone syscall, 5 misses | |
| [ 3708.788513] Execve: /usr/bin/sudo, ./target | |
| [ 3708.798750] Execve: ./target, 7K2WZ67HF4ETsMIyeOiU | |
| [ 3710.782240] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 1 misses | |
| [ 3710.782263] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.783602] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses | |
| [ 3710.783705] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 2 misses | |
| [ 3710.783794] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.783804] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 1 misses | |
| [ 3710.794776] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.794788] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.794800] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: wait4 syscall, 4 misses | |
| [ 3710.794840] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: close syscall, 3 misses | |
| [ 3710.794846] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: close syscall, 2 misses | |
| [ 3710.795858] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 3 misses | |
| [ 3710.796221] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses | |
| [ 3710.796337] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.796350] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.796446] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: close syscall, 1 misses | |
| [ 3710.796474] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: close syscall, 1 misses | |
| [ 3710.797356] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 5 misses | |
| [ 3710.797402] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 4 misses | |
| [ 3710.797424] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 4 misses | |
| [ 3710.797467] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 6 misses | |
| [ 3710.797492] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 6 misses | |
| [ 3710.797511] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 3 misses | |
| [ 3710.798435] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 2 misses | |
| [ 3710.798451] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: fstat syscall, 4 misses | |
| [ 3710.798457] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses | |
| [ 3710.798464] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: close syscall, 3 misses | |
| [ 3710.798485] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 5 misses | |
| [ 3710.798492] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: fstat syscall, 3 misses | |
| [ 3710.798877] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 1 misses | |
| [ 3710.799012] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 3 misses | |
| [ 3710.799035] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 3 misses | |
| [ 3710.799047] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 3 misses | |
| [ 3710.799063] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 4 misses | |
| [ 3710.799078] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 4 misses | |
| [ 3710.799100] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: munmap syscall, 3 misses | |
| [ 3710.799490] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.799508] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 2 misses | |
| [ 3710.799557] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 6 misses | |
| [ 3710.799585] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 5 misses | |
| [ 3710.799593] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 5 misses | |
| [ 3710.799616] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 5 misses | |
| [ 3710.805059] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: wait4 syscall, 5 misses | |
| [ 3710.805677] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 4 misses | |
| [ 3710.807538] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 3 misses | |
| [ 3710.807565] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 4 misses | |
| [ 3710.813583] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 4 misses | |
| [ 3710.813626] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses | |
| [ 3710.813846] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 2 misses | |
| [ 3710.819605] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 1 misses | |
| [ 3710.819707] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 2 misses | |
| [ 3710.819784] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses | |
| [ 3710.819805] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 1 misses | |
| [ 3710.822119] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.822133] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.822143] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 1 misses | |
| [ 3710.822172] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.823528] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses | |
| [ 3710.826923] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 2 misses | |
| [ 3710.827059] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 4 misses | |
| [ 3717.394002] Execve: /usr/bin/sudo, ./target | |
| [ 3717.405576] Execve: ./target, vULPKZelg89oZAdN0epB | |
| [ 3717.411639] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 1 misses | |
| [ 3717.411646] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.797631] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.797739] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.798208] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.798996] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.799785] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.799835] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.803454] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 2 misses | |
| [ 3718.803542] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.803580] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 1 misses | |
| [ 3718.803655] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.803866] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.803918] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.818149] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.821008] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.821055] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.821079] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses | |
| [ 3718.821127] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.831781] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 4 misses | |
| [ 3718.832101] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 6 misses | |
| [ 3718.838311] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 6 misses | |
| [ 3718.838905] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 6 misses | |
| [ 3718.838914] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 4 misses | |
| [ 3718.838966] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.842319] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.842367] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.842585] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.849254] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.849271] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.849279] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.849286] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.849293] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.849299] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.853164] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.853200] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.853221] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.858497] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.858536] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 3 misses | |
| [ 3718.858541] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 3 misses | |
| [ 3718.858545] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.858549] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.858559] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.858578] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.861354] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.861399] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.861417] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 1 misses | |
| [ 3718.861458] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.861484] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.861502] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.868874] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.868910] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 3 misses | |
| [ 3718.868923] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 3 misses | |
| [ 3718.868930] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.868937] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.868943] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.868949] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.874021] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.874053] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.874075] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.879704] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.883521] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.883554] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses | |
| [ 3718.885333] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 2 misses | |
| [ 3718.885379] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.885401] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 3 misses | |
| [ 3718.885446] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.890784] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses | |
| [ 3718.891328] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.891450] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses | |
| [ 3718.891474] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 1 misses | |
| [ 3718.892514] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.893284] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.893434] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 3 misses | |
| [ 3718.893488] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.893635] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.893676] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.893704] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.897427] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 2 misses | |
| [ 3718.897679] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3718.897874] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.900325] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.900412] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.900450] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.906902] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.906935] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.906941] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.906952] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.907019] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.907032] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 1 misses | |
| [ 3718.909333] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.909375] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.909393] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 1 misses | |
| [ 3718.909435] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.909459] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses | |
| [ 3718.909476] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3718.917795] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses | |
| [ 3718.918063] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses | |
| [ 3719.436799] [+] Anomaly found: vULPKZelg89oZAdN0epB: wait4 syscall, 1 misses | |
| [ 3719.440737] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses | |
| [ 3719.440761] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 3 misses | |
| [ 3719.440812] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 7 misses | |
| [ 3719.440846] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 6 misses | |
| [ 3719.440855] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 7 misses | |
| [ 3719.440884] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 5 misses | |
| [ 3721.466615] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 1 misses | |
| [ 3721.466638] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 1 misses | |
| [ 3721.466646] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 1 misses | |
| [ 3721.466653] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 2 misses | |
| [ 3721.466673] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 3 misses | |
| [ 3721.466680] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 4 misses | |
| [ 3721.467607] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 1 misses | |
| [ 3721.467620] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 2 misses | |
| [ 3721.467631] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 3 misses | |
| [ 3721.467921] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 3 misses | |
| [ 3721.467938] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 3 misses | |
| [ 3726.844478] Execve: /usr/bin/sudo, ./target | |
| [ 3726.859875] Execve: ./target, q4fw1kn34W19Ne7qpfZI | |
| [ 3731.935944] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: rename syscall, 1 misses | |
| [ 3731.936106] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, 1 misses | |
| [ 3731.936195] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, 2 misses | |
| [ 3731.936659] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mprotect syscall, 2 misses | |
| [ 3731.936691] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mprotect syscall, 3 misses | |
| [ 3731.937651] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, 2 misses | |
| [ 3731.938372] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 2 misses | |
| [ 3731.939542] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, 1 misses | |
| [ 3731.939580] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 1 misses | |
| [ 3731.939589] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, 1 misses | |
| [ 3731.939618] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, 2 misses | |
| [ 3731.939642] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, 3 misses | |
| [ 3731.939659] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 3 misses | |
| [ 3732.565566] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, 1 misses | |
| [ 3732.565605] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, 2 misses | |
| [ 3732.565753] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 2 misses | |
| [ 3732.566230] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 2 misses | |
| [ 3732.566238] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 2 misses | |
| [ 3732.566257] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 2 misses | |
| [ 3732.584732] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, 1 misses | |
| [ 3732.584781] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 1 misses | |
| [ 3732.584801] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, 1 misses | |
| [ 3732.584846] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, 1 misses | |
| [ 3732.584869] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, 1 misses | |
| [ 3732.584887] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, 1 misses | |
| [ 3735.821761] Execve: /usr/bin/sudo, ./target | |
| [ 3735.831289] Execve: ./target, Z08SXrUu9lhMVRVWZ0Pn | |
| [ 3735.831648] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 1 misses | |
| [ 3735.831681] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 1 misses | |
| [ 3735.831686] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 1 misses | |
| [ 3735.831765] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mprotect syscall, 1 misses | |
| [ 3735.831772] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 1 misses | |
| [ 3735.831784] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mprotect syscall, 1 misses | |
| [ 3735.844156] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: execve syscall, 6 misses | |
| [ 3735.844639] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: brk syscall, 5 misses | |
| [ 3735.844760] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 4 misses | |
| [ 3735.844925] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 4 misses | |
| [ 3735.844932] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 3 misses | |
| [ 3735.844940] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: close syscall, 3 misses | |
| [ 3735.845015] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses | |
| [ 3735.846362] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 4 misses | |
| [ 3735.846404] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 4 misses | |
| [ 3735.846420] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mprotect syscall, 3 misses | |
| [ 3735.846435] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 3 misses | |
| [ 3735.846464] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: close syscall, 3 misses | |
| [ 3735.846489] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 4 misses | |
| [ 3735.846500] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses | |
| [ 3735.849328] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 1 misses | |
| [ 3735.849375] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.849398] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 1 misses | |
| [ 3735.849446] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 1 misses | |
| [ 3735.849480] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 1 misses | |
| [ 3735.849503] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.852420] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit_group syscall, 5 misses | |
| [ 3735.854023] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 4 misses | |
| [ 3735.854093] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses | |
| [ 3735.854101] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses | |
| [ 3735.854220] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: wait4 syscall, 2 misses | |
| [ 3735.857407] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses | |
| [ 3735.857509] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.857613] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses | |
| [ 3735.857620] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.857627] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.857926] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 1 misses | |
| [ 3735.857962] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses | |
| [ 3735.857972] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses | |
| [ 3735.858014] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 2 misses | |
| [ 3735.864215] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: wait4 syscall, 1 misses | |
| [ 3735.865230] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses | |
| [ 3735.865599] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses | |
| [ 3735.865626] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 2 misses | |
| [ 3735.865642] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses | |
| [ 3735.866068] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses | |
| [ 3735.866544] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 2 misses | |
| [ 3743.771255] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: rename syscall, 1 misses | |
| [ 3743.771629] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses | |
| [ 3743.771658] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 3 misses | |
| [ 3743.773410] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 4 misses | |
| [ 3743.773491] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 6 misses | |
| [ 3743.773535] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 5 misses | |
| [ 3743.773554] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 6 misses | |
| [ 3743.773597] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 2 misses | |
| [ 3743.773622] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 3 misses | |
| [ 3743.773640] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses | |
| [ 3747.509178] Execve: /usr/bin/sudo, ./target | |
| [ 3747.514909] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3747.514946] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3747.514958] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3747.515013] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3747.515026] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3747.515543] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3747.515616] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3747.516734] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3747.516842] [+] Anomaly found: mmap syscall, 4 misses | |
| [ 3747.516854] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3747.519570] [+] Anomaly found: mprotect syscall, 1 misses | |
| [ 3747.519590] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3747.519624] [+] Anomaly found: close syscall, 1 misses | |
| [ 3747.520049] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3747.520161] [+] Anomaly found: read syscall, 1 misses | |
| [ 3747.520167] [+] Anomaly found: close syscall, 2 misses | |
| [ 3747.520209] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3747.520305] [+] Anomaly found: fstat syscall, 3 misses | |
| [ 3747.520309] [+] Anomaly found: read syscall, 2 misses | |
| [ 3747.520325] [+] Anomaly found: read syscall, 2 misses | |
| [ 3747.521618] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3747.521662] [+] Anomaly found: read syscall, 3 misses | |
| [ 3747.521680] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3747.521719] [+] Anomaly found: exit syscall, 4 misses | |
| [ 3747.540772] Execve: ./target, A6WoRXruEMEz89YBRK4v | |
| [ 3749.692990] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3749.692998] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3749.693003] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3749.693131] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 2 misses | |
| [ 3749.693146] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 2 misses | |
| [ 3749.693405] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: wait4 syscall, 5 misses | |
| [ 3749.694003] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 2 misses | |
| [ 3749.695684] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 2 misses | |
| [ 3749.695716] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, 2 misses | |
| [ 3749.695976] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, 2 misses | |
| [ 3749.696185] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3749.696302] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, 1 misses | |
| [ 3750.648066] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 1 misses | |
| [ 3750.648128] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 1 misses | |
| [ 3750.648142] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3750.651404] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 1 misses | |
| [ 3750.651435] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, 1 misses | |
| [ 3750.655639] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, 2 misses | |
| [ 3752.103849] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: rename syscall, 1 misses | |
| [ 3752.106247] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 2 misses | |
| [ 3752.106336] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 3 misses | |
| [ 3752.107799] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 4 misses | |
| [ 3752.107825] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, 5 misses | |
| [ 3752.108796] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, 4 misses | |
| [ 3752.109100] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, 4 misses | |
| [ 3757.693037] Execve: /usr/bin/sudo, ./target | |
| [ 3757.695964] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3757.696048] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3757.696064] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3757.696070] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.696085] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.698242] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3757.698323] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.698343] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3757.698387] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3757.698418] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.698426] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3757.698456] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3757.701931] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3757.702446] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3757.702464] [+] Anomaly found: munmap syscall, 3 misses | |
| [ 3757.702519] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3757.712077] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3757.712111] [+] Anomaly found: close syscall, 3 misses | |
| [ 3757.712159] [+] Anomaly found: mprotect syscall, 3 misses | |
| [ 3757.712183] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3757.712194] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3757.712221] [+] Anomaly found: read syscall, 2 misses | |
| [ 3757.712230] [+] Anomaly found: close syscall, 1 misses | |
| [ 3757.715670] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3757.715705] [+] Anomaly found: read syscall, 3 misses | |
| [ 3757.715716] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3757.715752] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3757.723679] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3757.723973] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.723997] [+] Anomaly found: read syscall, 1 misses | |
| [ 3757.726215] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3757.726432] [+] Anomaly found: close syscall, 1 misses | |
| [ 3757.726499] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3757.727078] [+] Anomaly found: close syscall, 1 misses | |
| [ 3757.727227] [+] Anomaly found: close syscall, 1 misses | |
| [ 3757.727265] [+] Anomaly found: close syscall, 2 misses | |
| [ 3757.727277] [+] Anomaly found: close syscall, 2 misses | |
| [ 3757.727354] Execve: ./target, GSHGSSQCtwnukMSFSMUo | |
| [ 3757.727556] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 3 misses | |
| [ 3757.727588] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses | |
| [ 3757.727598] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 3 misses | |
| [ 3757.727630] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses | |
| [ 3757.728250] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses | |
| [ 3757.728270] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses | |
| [ 3757.728285] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3757.728292] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses | |
| [ 3757.728312] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses | |
| [ 3757.734668] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mmap syscall, 2 misses | |
| [ 3757.734679] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mmap syscall, 2 misses | |
| [ 3757.734777] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 1 misses | |
| [ 3757.737661] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses | |
| [ 3757.737915] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 4 misses | |
| [ 3757.737965] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses | |
| [ 3757.737989] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses | |
| [ 3757.742305] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses | |
| [ 3757.742378] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstat syscall, 1 misses | |
| [ 3757.742431] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, 1 misses | |
| [ 3757.742495] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 3 misses | |
| [ 3757.742508] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3757.744461] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 4 misses | |
| [ 3757.745313] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 3 misses | |
| [ 3757.745398] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 3 misses | |
| [ 3757.745459] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 2 misses | |
| [ 3757.745642] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 1 misses | |
| [ 3757.745853] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 1 misses | |
| [ 3757.745894] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3757.745914] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses | |
| [ 3757.745958] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses | |
| [ 3757.745990] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 3 misses | |
| [ 3757.746012] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses | |
| [ 3757.751148] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 4 misses | |
| [ 3757.751202] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 6 misses | |
| [ 3757.751779] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses | |
| [ 3757.751820] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 5 misses | |
| [ 3757.752999] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 7 misses | |
| [ 3759.652585] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3759.652596] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3759.652601] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3759.652713] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses | |
| [ 3759.652732] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses | |
| [ 3759.653677] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses | |
| [ 3759.654181] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: wait4 syscall, 2 misses | |
| [ 3759.654410] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses | |
| [ 3759.654418] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses | |
| [ 3759.654423] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses | |
| [ 3759.654443] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses | |
| [ 3759.654449] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3759.654452] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3762.082351] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses | |
| [ 3762.082848] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mmap syscall, 2 misses | |
| [ 3762.082868] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 3 misses | |
| [ 3762.082894] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 4 misses | |
| [ 3762.083334] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 5 misses | |
| [ 3762.091275] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses | |
| [ 3762.091807] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses | |
| [ 3762.092491] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 1 misses | |
| [ 3764.812368] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses | |
| [ 3764.812437] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses | |
| [ 3764.812632] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 3 misses | |
| [ 3764.812675] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, 4 misses | |
| [ 3764.812934] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 4 misses | |
| [ 3764.812980] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses | |
| [ 3764.820278] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 1 misses | |
| [ 3764.820321] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3764.820339] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses | |
| [ 3764.820381] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses | |
| [ 3764.820407] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 3 misses | |
| [ 3764.820424] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses | |
| [ 3764.826763] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses | |
| [ 3764.829794] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 1 misses | |
| [ 3764.829847] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3764.829867] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses | |
| [ 3764.829912] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses | |
| [ 3764.829946] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 1 misses | |
| [ 3764.829964] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses | |
| [ 3766.248433] Execve: /usr/bin/sudo, ./target | |
| [ 3766.256072] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3766.256185] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3766.256194] [+] Anomaly found: close syscall, 2 misses | |
| [ 3766.256268] [+] Anomaly found: close syscall, 2 misses | |
| [ 3766.256278] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3766.256287] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3766.257342] Execve: ./target, hPgukk0ZQaDx2J5mb0hO | |
| [ 3766.259576] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.261185] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.261208] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.261216] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 2 misses | |
| [ 3766.261240] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 2 misses | |
| [ 3766.274854] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: fstat syscall, 1 misses | |
| [ 3766.274866] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.274907] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.274914] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.274920] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.277056] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.277095] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.277112] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 1 misses | |
| [ 3766.277150] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 1 misses | |
| [ 3766.277175] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.277194] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.636050] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.636110] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.636121] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.636133] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.636140] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.636148] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses | |
| [ 3766.643402] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.652225] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: brk syscall, 3 misses | |
| [ 3766.652515] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: brk syscall, 4 misses | |
| [ 3766.656949] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 4 misses | |
| [ 3766.656998] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 4 misses | |
| [ 3766.658840] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 3 misses | |
| [ 3766.659073] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 2 misses | |
| [ 3766.659122] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3766.659141] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 1 misses | |
| [ 3766.659185] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 1 misses | |
| [ 3766.659218] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses | |
| [ 3766.659242] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses | |
| [ 3772.542312] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: rename syscall, 1 misses | |
| [ 3772.543383] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 2 misses | |
| [ 3772.543411] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 3 misses | |
| [ 3772.543436] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: fstat syscall, 4 misses | |
| [ 3772.543495] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 6 misses | |
| [ 3772.543536] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 5 misses | |
| [ 3772.543545] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 6 misses | |
| [ 3772.543575] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 2 misses | |
| [ 3772.543599] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 3 misses | |
| [ 3772.543617] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 3 misses | |
| [ 3777.199719] Execve: /usr/bin/sudo, ./target | |
| [ 3777.203076] [+] Anomaly found: write syscall, 1 misses | |
| [ 3777.203084] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.203089] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.203099] [+] Anomaly found: write syscall, 1 misses | |
| [ 3777.203114] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.203133] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.206255] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3777.206286] [+] Anomaly found: read syscall, 2 misses | |
| [ 3777.206294] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3777.209079] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3777.212927] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3777.213036] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3777.213163] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3777.213186] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3777.213193] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.213309] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.214077] [+] Anomaly found: write syscall, 1 misses | |
| [ 3777.214739] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3777.214783] [+] Anomaly found: read syscall, 2 misses | |
| [ 3777.214805] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3777.214850] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3777.214884] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3777.214905] [+] Anomaly found: read syscall, 1 misses | |
| [ 3777.223908] Execve: ./target, dXjO1qNOb3I3OFvlJKy2 | |
| [ 3777.224161] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 2 misses | |
| [ 3777.224305] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 2 misses | |
| [ 3777.224321] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: fstat syscall, 5 misses | |
| [ 3777.224326] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 5 misses | |
| [ 3777.224333] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: close syscall, 5 misses | |
| [ 3777.224351] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 6 misses | |
| [ 3777.224359] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: fstat syscall, 3 misses | |
| [ 3777.241096] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 1 misses | |
| [ 3777.241932] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: close syscall, 1 misses | |
| [ 3777.241952] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: fstat syscall, 2 misses | |
| [ 3777.245339] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 1 misses | |
| [ 3777.245382] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3777.245401] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 1 misses | |
| [ 3777.245445] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 1 misses | |
| [ 3777.245476] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 1 misses | |
| [ 3777.245498] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3779.328954] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3779.334499] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses | |
| [ 3779.334861] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses | |
| [ 3779.334913] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses | |
| [ 3779.334923] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses | |
| [ 3779.334941] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3779.335547] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 1 misses | |
| [ 3779.345280] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: munmap syscall, 2 misses | |
| [ 3779.345457] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: munmap syscall, 2 misses | |
| [ 3779.346445] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit_group syscall, 4 misses | |
| [ 3779.347927] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 5 misses | |
| [ 3779.347991] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 6 misses | |
| [ 3779.348461] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 4 misses | |
| [ 3779.348525] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 3 misses | |
| [ 3779.348549] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 3 misses | |
| [ 3779.349055] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: wait4 syscall, 6 misses | |
| [ 3779.349968] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 3 misses | |
| [ 3779.350153] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 3 misses | |
| [ 3779.350513] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 3 misses | |
| [ 3779.350582] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 4 misses | |
| [ 3779.350608] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 3 misses | |
| [ 3779.352395] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 5 misses | |
| [ 3779.352456] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3779.352484] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 1 misses | |
| [ 3779.352540] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 1 misses | |
| [ 3779.352572] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 1 misses | |
| [ 3779.352595] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3779.360130] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: brk syscall, 1 misses | |
| [ 3781.970546] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: rename syscall, 2 misses | |
| [ 3781.971165] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 3 misses | |
| [ 3781.971246] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 3 misses | |
| [ 3781.971265] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 3 misses | |
| [ 3781.971270] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 3 misses | |
| [ 3781.971282] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 2 misses | |
| [ 3781.971343] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 2 misses | |
| [ 3781.976264] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: close syscall, 1 misses | |
| [ 3781.978933] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses | |
| [ 3781.985888] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 1 misses | |
| [ 3785.788810] Execve: /usr/bin/sudo, ./target | |
| [ 3785.793782] [+] Anomaly found: write syscall, 1 misses | |
| [ 3785.793916] [+] Anomaly found: write syscall, 1 misses | |
| [ 3785.794084] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3785.794173] [+] Anomaly found: read syscall, 2 misses | |
| [ 3785.794194] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3785.794308] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3785.794346] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.794358] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3785.794390] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3785.798403] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3785.798412] [+] Anomaly found: mmap syscall, 3 misses | |
| [ 3785.798440] [+] Anomaly found: munmap syscall, 4 misses | |
| [ 3785.798454] [+] Anomaly found: close syscall, 2 misses | |
| [ 3785.800770] [+] Anomaly found: exit syscall, 4 misses | |
| [ 3785.800989] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3785.801005] [+] Anomaly found: read syscall, 2 misses | |
| [ 3785.801013] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3785.801021] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3785.801117] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3785.802425] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3785.802507] [+] Anomaly found: read syscall, 3 misses | |
| [ 3785.802528] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3785.802572] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3785.802605] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3785.802627] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.813493] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3785.813540] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3785.813553] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3785.813558] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.813593] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3785.813601] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.813606] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3785.821843] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3785.822032] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3785.822049] [+] Anomaly found: fstat syscall, 4 misses | |
| [ 3785.822055] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3785.824221] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3785.824241] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3785.824384] [+] Anomaly found: munmap syscall, 3 misses | |
| [ 3785.824398] [+] Anomaly found: close syscall, 3 misses | |
| [ 3785.824426] [+] Anomaly found: openat syscall, 4 misses | |
| [ 3785.824537] [+] Anomaly found: fstat syscall, 5 misses | |
| [ 3785.825798] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3785.825850] [+] Anomaly found: read syscall, 2 misses | |
| [ 3785.825875] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3785.825927] [+] Anomaly found: exit syscall, 4 misses | |
| [ 3785.825971] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3785.826010] [+] Anomaly found: read syscall, 3 misses | |
| [ 3785.827200] [+] Anomaly found: close syscall, 1 misses | |
| [ 3785.827223] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3785.827582] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3785.827800] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.827813] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3785.827841] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3785.827864] [+] Anomaly found: read syscall, 1 misses | |
| [ 3785.827873] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3785.827901] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3785.830362] [+] Anomaly found: close syscall, 1 misses | |
| [ 3785.830367] [+] Anomaly found: close syscall, 1 misses | |
| [ 3785.830452] Execve: ./target, 7dM3nU58rlXLP8VhY7PQ | |
| [ 3785.836872] Execve: /bin/sh, yarr | |
| [ 3785.836880] [+] Anomaly found: yarr: execve syscall, 6 misses | |
| [ 3785.837019] [+] Anomaly found: yarr: brk syscall, 5 misses | |
| [ 3785.837052] [+] Anomaly found: yarr: openat syscall, 4 misses | |
| [ 3785.837058] [+] Anomaly found: yarr: fstat syscall, 4 misses | |
| [ 3785.837062] [+] Anomaly found: yarr: mmap syscall, 3 misses | |
| [ 3785.837066] [+] Anomaly found: yarr: close syscall, 3 misses | |
| [ 3785.837076] [+] Anomaly found: yarr: openat syscall, 2 misses | |
| [ 3785.841289] [+] Anomaly found: yarr: exit_group syscall, 3 misses | |
| [ 3785.841490] [+] Anomaly found: yarr: write syscall, 3 misses | |
| [ 3785.841534] [+] Anomaly found: yarr: read syscall, 3 misses | |
| [ 3785.841539] [+] Anomaly found: yarr: read syscall, 2 misses | |
| [ 3785.841549] [+] Anomaly found: yarr: wait4 syscall, 1 misses | |
| [ 3785.841661] [+] Anomaly found: yarr: close syscall, 1 misses | |
| [ 3785.842204] [+] Anomaly found: yarr: exit syscall, 1 misses | |
| [ 3785.842298] [+] Anomaly found: yarr: clone syscall, 3 misses | |
| [ 3785.842339] [+] Anomaly found: yarr: read syscall, 3 misses | |
| [ 3785.842360] [+] Anomaly found: yarr: openat syscall, 3 misses | |
| [ 3785.842410] [+] Anomaly found: yarr: exit syscall, 2 misses | |
| [ 3785.843929] [+] Anomaly found: yarr: munmap syscall, 2 misses | |
| [ 3785.843967] [+] Anomaly found: yarr: munmap syscall, 3 misses | |
| [ 3785.843984] [+] Anomaly found: yarr: munmap syscall, 5 misses | |
| [ 3785.844007] [+] Anomaly found: yarr: munmap syscall, 4 misses | |
| [ 3785.844023] [+] Anomaly found: yarr: munmap syscall, 4 misses | |
| [ 3785.844042] [+] Anomaly found: yarr: munmap syscall, 3 misses | |
| [ 3785.860616] [+] Anomaly found: yarr: exit syscall, 1 misses | |
| [ 3785.865378] [+] Anomaly found: yarr: clone syscall, 1 misses | |
| [ 3785.865428] [+] Anomaly found: yarr: read syscall, 1 misses | |
| [ 3785.865451] [+] Anomaly found: yarr: openat syscall, 1 misses | |
| [ 3785.865500] [+] Anomaly found: yarr: exit syscall, 1 misses | |
| [ 3785.865533] [+] Anomaly found: yarr: clone syscall, 1 misses | |
| [ 3785.865556] [+] Anomaly found: yarr: read syscall, 1 misses | |
| [ 3790.218890] [+] Anomaly found: yarr: read syscall, 1 misses | |
| [ 3790.219812] [+] Anomaly found: yarr: read syscall, 1 misses | |
| [ 3790.219838] [+] Anomaly found: yarr: openat syscall, 2 misses | |
| [ 3790.221722] [+] Anomaly found: yarr: clone syscall, 3 misses | |
| [ 3790.221770] [+] Anomaly found: yarr: read syscall, 3 misses | |
| [ 3790.221790] [+] Anomaly found: yarr: openat syscall, 4 misses | |
| [ 3792.659685] [+] Anomaly found: yarr: openat syscall, 1 misses | |
| [ 3792.659712] [+] Anomaly found: yarr: fstat syscall, 1 misses | |
| [ 3792.659718] [+] Anomaly found: yarr: mmap syscall, 1 misses | |
| [ 3792.659730] [+] Anomaly found: yarr: close syscall, 1 misses | |
| [ 3792.659748] [+] Anomaly found: yarr: munmap syscall, 1 misses | |
| [ 3792.659791] [+] Anomaly found: yarr: openat syscall, 1 misses | |
| [ 3792.670068] [+] Anomaly found: yarr: clone syscall, 3 misses | |
| [ 3792.670115] [+] Anomaly found: yarr: read syscall, 2 misses | |
| [ 3792.670134] [+] Anomaly found: yarr: openat syscall, 2 misses | |
| [ 3792.670177] [+] Anomaly found: yarr: exit syscall, 2 misses | |
| [ 3792.670210] [+] Anomaly found: yarr: clone syscall, 3 misses | |
| [ 3792.670229] [+] Anomaly found: yarr: read syscall, 3 misses | |
| [ 3792.736456] [+] Anomaly found: yarr: mprotect syscall, 1 misses | |
| [ 3792.736505] [+] Anomaly found: yarr: mprotect syscall, 1 misses | |
| [ 3792.736770] [+] Anomaly found: yarr: write syscall, 1 misses | |
| [ 3794.499048] Execve: /usr/bin/sudo, ./target | |
| [ 3794.510111] Execve: ./target, lEiTPQ31HjpuxO3Gcn3m | |
| [ 3795.606041] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mmap syscall, 1 misses | |
| [ 3795.606066] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 1 misses | |
| [ 3795.606181] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 1 misses | |
| [ 3795.607503] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3795.607532] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3795.607723] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 3 misses | |
| [ 3795.607786] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3795.622647] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: brk syscall, 3 misses | |
| [ 3795.623030] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: brk syscall, 5 misses | |
| [ 3795.623528] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 5 misses | |
| [ 3795.623581] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 5 misses | |
| [ 3795.625620] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 4 misses | |
| [ 3795.625678] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 3 misses | |
| [ 3795.625707] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3795.625765] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 2 misses | |
| [ 3796.493098] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3796.493118] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 2 misses | |
| [ 3796.493123] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses | |
| [ 3796.493131] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, 3 misses | |
| [ 3796.493147] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 4 misses | |
| [ 3796.493154] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 5 misses | |
| [ 3796.495134] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: wait4 syscall, 2 misses | |
| [ 3796.495762] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 1 misses | |
| [ 3796.498373] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3796.498403] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3796.498472] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 2 misses | |
| [ 3796.498515] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3796.498527] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3798.873147] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3798.873411] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 1 misses | |
| [ 3798.873430] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3798.873569] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 1 misses | |
| [ 3798.877285] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 1 misses | |
| [ 3798.877328] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses | |
| [ 3798.877346] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses | |
| [ 3798.877387] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 2 misses | |
| [ 3798.877413] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 3 misses | |
| [ 3798.877431] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 3 misses | |
| [ 3802.828725] Execve: /usr/bin/sudo, ./target | |
| [ 3802.831700] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3802.831797] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.831814] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3802.831821] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.831836] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.838569] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.838585] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3802.838621] [+] Anomaly found: close syscall, 2 misses | |
| [ 3802.838684] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3802.840639] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3802.841010] [+] Anomaly found: read syscall, 2 misses | |
| [ 3802.841354] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3802.841486] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.841976] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.842665] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3802.842707] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.842727] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.842771] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3802.842798] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3802.842815] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.848046] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3802.848520] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3802.848542] [+] Anomaly found: munmap syscall, 3 misses | |
| [ 3802.848703] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3802.850010] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.850025] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.850151] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.850314] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.850513] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.850878] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.853134] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3802.853178] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.853195] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.853237] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3802.853268] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3802.853289] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.856192] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.856369] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.856667] [+] Anomaly found: write syscall, 1 misses | |
| [ 3802.856870] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.858932] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3802.859091] [+] Anomaly found: write syscall, 2 misses | |
| [ 3802.859112] [+] Anomaly found: read syscall, 2 misses | |
| [ 3802.859275] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3802.859297] [+] Anomaly found: read syscall, 2 misses | |
| [ 3802.859307] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3802.859623] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.860607] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3802.860734] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3802.860870] [+] Anomaly found: mprotect syscall, 1 misses | |
| [ 3802.860886] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3802.861004] [+] Anomaly found: close syscall, 2 misses | |
| [ 3802.861028] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3802.861073] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3802.862350] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3802.862393] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.862412] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.867317] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3802.867423] [+] Anomaly found: mmap syscall, 3 misses | |
| [ 3802.867436] [+] Anomaly found: close syscall, 3 misses | |
| [ 3802.867913] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.869081] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3802.869168] [+] Anomaly found: mprotect syscall, 1 misses | |
| [ 3802.869269] [+] Anomaly found: mprotect syscall, 1 misses | |
| [ 3802.869871] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.869958] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.869979] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.870967] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3802.871069] [+] Anomaly found: clone syscall, 6 misses | |
| [ 3802.871114] [+] Anomaly found: read syscall, 6 misses | |
| [ 3802.871134] [+] Anomaly found: openat syscall, 4 misses | |
| [ 3802.871183] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3802.871215] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3802.874290] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.874299] [+] Anomaly found: read syscall, 1 misses | |
| [ 3802.879035] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.879362] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.879403] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3802.879496] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.879511] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3802.879516] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3802.882985] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3802.883138] [+] Anomaly found: read syscall, 2 misses | |
| [ 3802.883161] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3802.883217] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3802.883261] [+] Anomaly found: read syscall, 3 misses | |
| [ 3802.883272] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3802.883313] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3802.884279] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.884299] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.884636] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3802.886310] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.886356] [+] Anomaly found: close syscall, 1 misses | |
| [ 3802.886378] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3802.886400] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3802.886528] Execve: ./target, saEmNjkM4hUXypeYtRTu | |
| [ 3803.476504] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, 1 misses | |
| [ 3803.476602] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, 1 misses | |
| [ 3803.476626] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, 1 misses | |
| [ 3804.862236] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses | |
| [ 3804.863470] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, 3 misses | |
| [ 3804.863932] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 3 misses | |
| [ 3804.863963] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 5 misses | |
| [ 3804.864485] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 7 misses | |
| [ 3804.864547] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 4 misses | |
| [ 3804.864632] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 1 misses | |
| [ 3810.765698] Execve: /usr/bin/sudo, ./target | |
| [ 3810.776110] Execve: ./target, fDlhaTpGvo1QiiHKBWXV | |
| [ 3812.699372] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.699406] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.699412] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.699418] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.699422] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.699440] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.707809] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.707931] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.707945] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.707955] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.707963] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.707995] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.767189] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.767233] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 1 misses | |
| [ 3812.768516] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.768554] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses | |
| [ 3812.769773] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 2 misses | |
| [ 3812.773340] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 2 misses | |
| [ 3812.773448] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: wait4 syscall, 1 misses | |
| [ 3812.773490] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses | |
| [ 3812.773969] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 1 misses | |
| [ 3812.774009] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.774065] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 1 misses | |
| [ 3812.774089] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 1 misses | |
| [ 3812.774108] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.784532] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: brk syscall, 1 misses | |
| [ 3812.784668] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 1 misses | |
| [ 3812.784721] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 5 misses | |
| [ 3812.785030] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 7 misses | |
| [ 3812.785074] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 7 misses | |
| [ 3812.785108] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 8 misses | |
| [ 3812.785146] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 9 misses | |
| [ 3812.785166] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 4 misses | |
| [ 3812.786171] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit_group syscall, 4 misses | |
| [ 3812.787657] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses | |
| [ 3812.787692] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses | |
| [ 3812.787783] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 6 misses | |
| [ 3812.787820] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 5 misses | |
| [ 3812.787833] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 5 misses | |
| [ 3812.787868] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 5 misses | |
| [ 3812.788895] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: brk syscall, 3 misses | |
| [ 3812.788975] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 4 misses | |
| [ 3812.789007] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 7 misses | |
| [ 3812.789029] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 5 misses | |
| [ 3812.789039] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 3 misses | |
| [ 3812.789065] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 3 misses | |
| [ 3812.789084] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 3 misses | |
| [ 3812.791729] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: wait4 syscall, 5 misses | |
| [ 3812.792128] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 4 misses | |
| [ 3812.792165] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 3 misses | |
| [ 3812.792184] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 4 misses | |
| [ 3812.795555] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 4 misses | |
| [ 3812.795588] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 2 misses | |
| [ 3812.796277] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, 2 misses | |
| [ 3819.917833] Execve: /usr/bin/sudo, ./target | |
| [ 3819.928107] Execve: ./target, EfoCLpTFE8D0s96V7fgs | |
| [ 3821.865140] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3821.868502] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3821.868535] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3821.868618] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 3 misses | |
| [ 3821.868673] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 3 misses | |
| [ 3821.868683] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 4 misses | |
| [ 3821.877217] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: brk syscall, 1 misses | |
| [ 3821.884164] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: wait4 syscall, 3 misses | |
| [ 3821.884200] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, 2 misses | |
| [ 3821.884204] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, 1 misses | |
| [ 3821.887454] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3821.887485] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3821.887783] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: wait4 syscall, 4 misses | |
| [ 3821.889820] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 8 misses | |
| [ 3821.889916] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 10 misses | |
| [ 3821.889960] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 9 misses | |
| [ 3821.889981] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 4 misses | |
| [ 3821.890040] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 5 misses | |
| [ 3821.890067] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 5 misses | |
| [ 3821.890884] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 1 misses | |
| [ 3821.890895] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3821.890901] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3821.890908] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 1 misses | |
| [ 3821.891566] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 1 misses | |
| [ 3821.891601] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3821.891610] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3821.891636] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 2 misses | |
| [ 3824.563800] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, 1 misses | |
| [ 3824.563819] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: rename syscall, 3 misses | |
| [ 3824.564724] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 3 misses | |
| [ 3824.564747] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 3 misses | |
| [ 3824.564809] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 3 misses | |
| [ 3824.564836] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 2 misses | |
| [ 3824.672959] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 1 misses | |
| [ 3824.672992] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, 4 misses | |
| [ 3824.673036] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 2 misses | |
| [ 3824.673073] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3824.678521] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 2 misses | |
| [ 3824.678576] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3824.678601] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 1 misses | |
| [ 3824.678654] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 2 misses | |
| [ 3824.706837] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 1 misses | |
| [ 3824.706904] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 2 misses | |
| [ 3824.707014] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 2 misses | |
| [ 3824.707598] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 2 misses | |
| [ 3824.707627] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 2 misses | |
| [ 3824.709534] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 3 misses | |
| [ 3829.795726] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, 1 misses | |
| [ 3829.795769] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, 1 misses | |
| [ 3829.796261] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 1 misses | |
| [ 3829.802939] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 1 misses | |
| [ 3829.802988] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses | |
| [ 3829.803009] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, 1 misses | |
| [ 3829.803054] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 2 misses | |
| [ 3829.803081] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, 3 misses | |
| [ 3829.803100] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 3 misses | |
| [ 3831.417483] Execve: /usr/bin/sudo, ./target | |
| [ 3831.427149] Execve: ./target, ANBMGkdd2EowBh3Sxc3K | |
| [ 3831.427455] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3831.427472] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 1 misses | |
| [ 3831.427515] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3831.427551] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 1 misses | |
| [ 3831.427585] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3831.429047] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 2 misses | |
| [ 3831.430389] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3831.430765] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 2 misses | |
| [ 3831.430784] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3831.431110] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 2 misses | |
| [ 3831.431138] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses | |
| [ 3831.435717] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 1 misses | |
| [ 3831.436138] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, 1 misses | |
| [ 3831.436151] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 1 misses | |
| [ 3831.436174] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, 1 misses | |
| [ 3831.436183] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: open syscall, 3 misses | |
| [ 3831.436208] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3831.438271] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 3 misses | |
| [ 3831.438361] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 3 misses | |
| [ 3831.438398] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 3 misses | |
| [ 3831.438417] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 3 misses | |
| [ 3831.438463] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 5 misses | |
| [ 3831.438483] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 4 misses | |
| [ 3831.443600] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 3 misses | |
| [ 3831.443648] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 2 misses | |
| [ 3831.443678] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 4 misses | |
| [ 3831.443764] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, 4 misses | |
| [ 3831.443798] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, 2 misses | |
| [ 3831.449324] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 2 misses | |
| [ 3831.449379] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3831.449406] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 3 misses | |
| [ 3831.449457] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 3 misses | |
| [ 3831.449500] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 1 misses | |
| [ 3831.449524] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.382168] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.384202] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: brk syscall, 1 misses | |
| [ 3833.384506] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: brk syscall, 2 misses | |
| [ 3833.385938] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses | |
| [ 3833.385985] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 3 misses | |
| [ 3833.389572] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 5 misses | |
| [ 3833.389627] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.389650] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 1 misses | |
| [ 3833.389699] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 2 misses | |
| [ 3833.400022] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: wait4 syscall, 3 misses | |
| [ 3833.400067] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 3 misses | |
| [ 3833.400075] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 2 misses | |
| [ 3833.403597] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 4 misses | |
| [ 3833.403632] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 3 misses | |
| [ 3833.403642] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 2 misses | |
| [ 3833.403670] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 2 misses | |
| [ 3833.406793] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: munmap syscall, 1 misses | |
| [ 3833.407848] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.407885] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 1 misses | |
| [ 3833.409588] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: munmap syscall, 3 misses | |
| [ 3833.409727] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit_group syscall, 7 misses | |
| [ 3833.410310] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: wait4 syscall, 8 misses | |
| [ 3833.410689] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 9 misses | |
| [ 3833.410812] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 11 misses | |
| [ 3833.410874] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 9 misses | |
| [ 3833.410906] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 8 misses | |
| [ 3833.410975] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 8 misses | |
| [ 3833.411016] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 5 misses | |
| [ 3833.529266] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses | |
| [ 3833.529357] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses | |
| [ 3833.529402] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 1 misses | |
| [ 3833.529417] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses | |
| [ 3833.529448] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses | |
| [ 3833.529458] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 1 misses | |
| [ 3833.535361] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 1 misses | |
| [ 3833.535492] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.535520] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 1 misses | |
| [ 3833.542469] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 1 misses | |
| [ 3833.575738] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 1 misses | |
| [ 3833.575796] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3833.575821] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 2 misses | |
| [ 3833.575872] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 2 misses | |
| [ 3836.585624] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3836.587545] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 1 misses | |
| [ 3836.587570] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 2 misses | |
| [ 3836.589666] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, 3 misses | |
| [ 3836.589747] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 5 misses | |
| [ 3836.589791] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 5 misses | |
| [ 3836.589810] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 1 misses | |
| [ 3836.589850] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, 2 misses | |
| [ 3836.589874] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, 3 misses | |
| [ 3836.589892] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 3 misses | |
| [ 3840.968794] Execve: /usr/bin/sudo, ./target | |
| [ 3840.979330] Execve: ./target, iOjcP1MQc6LNmZiwE0z2 | |
| [ 3840.979542] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: execve syscall, 4 misses | |
| [ 3840.979716] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 3 misses | |
| [ 3840.979721] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, 2 misses | |
| [ 3840.979739] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 1 misses | |
| [ 3840.979770] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 1 misses | |
| [ 3840.979774] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 1 misses | |
| [ 3842.958967] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, 1 misses | |
| [ 3842.959533] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses | |
| [ 3842.959598] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 1 misses | |
| [ 3842.959792] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, 4 misses | |
| [ 3842.959915] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 3 misses | |
| [ 3842.959964] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 2 misses | |
| [ 3842.960056] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, 1 misses | |
| [ 3842.963210] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, 2 misses | |
| [ 3842.963675] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, 3 misses | |
| [ 3842.965932] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 3 misses | |
| [ 3842.966013] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 3 misses | |
| [ 3842.971262] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses | |
| [ 3842.971374] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, 3 misses | |
| [ 3842.971430] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, 6 misses | |
| [ 3842.971451] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, 5 misses | |
| [ 3842.971553] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit_group syscall, 4 misses | |
| [ 3842.972832] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: wait4 syscall, 4 misses | |
| [ 3842.973770] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, 2 misses | |
| [ 3842.986367] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, 1 misses | |
| [ 3842.987507] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 1 misses | |
| [ 3842.989253] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, 4 misses | |
| [ 3842.989301] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 2 misses | |
| [ 3842.989323] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 2 misses | |
| [ 3842.989366] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, 2 misses | |
| [ 3844.882783] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 1 misses | |
| [ 3844.882834] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 1 misses | |
| [ 3844.883088] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, 1 misses | |
| [ 3844.886338] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, 1 misses | |
| [ 3844.886390] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses | |
| [ 3844.886412] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 1 misses | |
| [ 3844.886459] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, 1 misses | |
| [ 3844.886489] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, 1 misses | |
| [ 3844.886512] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses | |
| [ 3845.985025] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 1 misses | |
| [ 3845.985040] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 2 misses | |
| [ 3845.985045] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 3 misses | |
| [ 3852.269177] Execve: /usr/bin/sudo, ./target | |
| [ 3852.272108] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3852.272281] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.272303] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3852.272310] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.272325] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.274929] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3852.275010] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.275030] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.275074] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3852.275106] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.275115] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.275142] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3852.277930] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3852.278035] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.278068] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.280630] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3852.280725] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3852.280763] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.285405] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3852.285417] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.285524] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.285623] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3852.285633] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.285675] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.287375] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3852.287466] [+] Anomaly found: write syscall, 1 misses | |
| [ 3852.287490] [+] Anomaly found: write syscall, 1 misses | |
| [ 3852.287502] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.287794] [+] Anomaly found: write syscall, 1 misses | |
| [ 3852.287882] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.291213] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3852.291249] [+] Anomaly found: read syscall, 2 misses | |
| [ 3852.291259] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.294855] [+] Anomaly found: fstat syscall, 4 misses | |
| [ 3852.295705] [+] Anomaly found: read syscall, 3 misses | |
| [ 3852.295734] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3852.295919] [+] Anomaly found: mmap syscall, 6 misses | |
| [ 3852.295947] [+] Anomaly found: munmap syscall, 8 misses | |
| [ 3852.295960] [+] Anomaly found: close syscall, 6 misses | |
| [ 3852.296478] [+] Anomaly found: close syscall, 2 misses | |
| [ 3852.296499] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3852.296512] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3852.300859] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3852.301496] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3852.301722] [+] Anomaly found: read syscall, 4 misses | |
| [ 3852.301799] [+] Anomaly found: openat syscall, 4 misses | |
| [ 3852.302002] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3852.302226] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3852.303172] [+] Anomaly found: close syscall, 1 misses | |
| [ 3852.303193] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.303646] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3852.303731] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.303741] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3852.303767] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3852.303788] [+] Anomaly found: read syscall, 1 misses | |
| [ 3852.303796] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3852.303832] [+] Anomaly found: close syscall, 2 misses | |
| [ 3852.304102] Execve: ./target, H2mvQoIOuxb3syz45GA7 | |
| [ 3852.753466] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 1 misses | |
| [ 3852.754878] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 2 misses | |
| [ 3852.754894] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 2 misses | |
| [ 3852.754907] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 2 misses | |
| [ 3852.754917] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 2 misses | |
| [ 3852.755031] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 2 misses | |
| [ 3854.014291] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: brk syscall, 2 misses | |
| [ 3854.015566] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 2 misses | |
| [ 3854.015705] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, 2 misses | |
| [ 3854.019885] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 2 misses | |
| [ 3854.019956] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 2 misses | |
| [ 3854.020960] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, 2 misses | |
| [ 3854.021173] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, 3 misses | |
| [ 3854.021220] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 1 misses | |
| [ 3854.021239] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, 1 misses | |
| [ 3854.021282] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, 2 misses | |
| [ 3854.021307] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, 3 misses | |
| [ 3854.021326] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 3 misses | |
| [ 3857.260772] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, 1 misses | |
| [ 3857.260791] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: rename syscall, 5 misses | |
| [ 3857.261915] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 5 misses | |
| [ 3857.261955] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 4 misses | |
| [ 3857.262032] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 3 misses | |
| [ 3857.262063] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, 2 misses | |
| [ 3857.271809] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, 1 misses | |
| [ 3857.275545] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, 1 misses | |
| [ 3857.277084] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: fstat syscall, 3 misses | |
| [ 3857.277153] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, 2 misses | |
| [ 3857.277194] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 1 misses | |
| [ 3857.277213] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, 1 misses | |
| [ 3857.277254] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, 2 misses | |
| [ 3857.277315] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, 3 misses | |
| [ 3857.277337] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, 3 misses | |
| [ 3861.487045] Execve: /usr/bin/sudo, ./target | |
| [ 3861.488326] [+] Anomaly found: write syscall, 1 misses | |
| [ 3861.488348] [+] Anomaly found: read syscall, 2 misses | |
| [ 3861.488662] [+] Anomaly found: read syscall, 3 misses | |
| [ 3861.488684] [+] Anomaly found: write syscall, 4 misses | |
| [ 3861.494405] [+] Anomaly found: brk syscall, 1 misses | |
| [ 3861.496770] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3861.497905] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3861.497915] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3861.497930] [+] Anomaly found: close syscall, 2 misses | |
| [ 3861.498420] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3861.498491] [+] Anomaly found: read syscall, 3 misses | |
| [ 3861.498510] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3861.498548] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3861.498583] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3861.498603] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.499374] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3861.499396] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.502883] [+] Anomaly found: munmap syscall, 1 misses | |
| [ 3861.503129] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3861.503146] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3861.503152] [+] Anomaly found: mmap syscall, 1 misses | |
| [ 3861.503162] [+] Anomaly found: close syscall, 1 misses | |
| [ 3861.507580] [+] Anomaly found: write syscall, 1 misses | |
| [ 3861.507660] [+] Anomaly found: write syscall, 1 misses | |
| [ 3861.507688] [+] Anomaly found: write syscall, 1 misses | |
| [ 3861.507714] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.507733] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.507790] [+] Anomaly found: write syscall, 1 misses | |
| [ 3861.513230] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3861.513276] [+] Anomaly found: read syscall, 3 misses | |
| [ 3861.513297] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3861.513342] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3861.513373] [+] Anomaly found: clone syscall, 3 misses | |
| [ 3861.513396] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.516454] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3861.516477] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.516484] [+] Anomaly found: close syscall, 1 misses | |
| [ 3861.516730] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3861.520450] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3861.521434] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3861.521527] [+] Anomaly found: mmap syscall, 3 misses | |
| [ 3861.521641] [+] Anomaly found: close syscall, 2 misses | |
| [ 3861.521896] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3861.521941] [+] Anomaly found: read syscall, 2 misses | |
| [ 3861.521963] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3861.522009] [+] Anomaly found: exit syscall, 3 misses | |
| [ 3861.522044] [+] Anomaly found: clone syscall, 4 misses | |
| [ 3861.522066] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.527830] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3861.527945] [+] Anomaly found: munmap syscall, 2 misses | |
| [ 3861.527960] [+] Anomaly found: munmap syscall, 3 misses | |
| [ 3861.528087] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3861.529445] [+] Anomaly found: exit syscall, 5 misses | |
| [ 3861.529483] [+] Anomaly found: read syscall, 4 misses | |
| [ 3861.529509] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3861.529517] [+] Anomaly found: read syscall, 2 misses | |
| [ 3861.529523] [+] Anomaly found: fstat syscall, 2 misses | |
| [ 3861.529529] [+] Anomaly found: mmap syscall, 3 misses | |
| [ 3861.529538] [+] Anomaly found: mprotect syscall, 2 misses | |
| [ 3861.537557] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3861.537672] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3861.537691] [+] Anomaly found: fstat syscall, 4 misses | |
| [ 3861.537698] [+] Anomaly found: mmap syscall, 2 misses | |
| [ 3861.541091] [+] Anomaly found: exit syscall, 1 misses | |
| [ 3861.541193] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3861.541235] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.544672] [+] Anomaly found: fstat syscall, 4 misses | |
| [ 3861.544691] [+] Anomaly found: read syscall, 3 misses | |
| [ 3861.544779] [+] Anomaly found: read syscall, 2 misses | |
| [ 3861.544804] [+] Anomaly found: close syscall, 3 misses | |
| [ 3861.544816] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3861.544835] [+] Anomaly found: fstat syscall, 1 misses | |
| [ 3861.547350] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3861.548402] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.548428] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3861.548486] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3861.548525] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.548537] [+] Anomaly found: openat syscall, 2 misses | |
| [ 3861.548571] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3861.551592] [+] Anomaly found: clone syscall, 2 misses | |
| [ 3861.551762] [+] Anomaly found: read syscall, 2 misses | |
| [ 3861.552361] [+] Anomaly found: openat syscall, 3 misses | |
| [ 3861.552898] [+] Anomaly found: close syscall, 3 misses | |
| [ 3861.555680] [+] Anomaly found: exit syscall, 2 misses | |
| [ 3861.555789] [+] Anomaly found: clone syscall, 1 misses | |
| [ 3861.555848] [+] Anomaly found: read syscall, 1 misses | |
| [ 3861.560518] [+] Anomaly found: close syscall, 1 misses | |
| [ 3861.560529] [+] Anomaly found: openat syscall, 1 misses | |
| [ 3861.560690] Execve: ./target, IBRNHiQTAMYfud7RonH9 | |
| [ 3861.563745] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 3 misses | |
| [ 3861.563855] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 3 misses | |
| [ 3861.563862] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: close syscall, 4 misses | |
| [ 3861.564043] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 4 misses | |
| [ 3861.564154] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 1 misses | |
| [ 3861.564765] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 2 misses | |
| [ 3861.564972] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mprotect syscall, 2 misses | |
| [ 3861.565482] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 3 misses | |
| [ 3861.565528] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 3 misses | |
| [ 3861.565549] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 2 misses | |
| [ 3861.565593] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 3 misses | |
| [ 3861.565628] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 5 misses | |
| [ 3861.565650] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 3 misses | |
| [ 3861.565763] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 1 misses | |
| [ 3861.565781] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses | |
| [ 3861.565788] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 2 misses | |
| [ 3861.565812] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 2 misses | |
| [ 3861.572432] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: fstat syscall, 1 misses | |
| [ 3861.572455] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 1 misses | |
| [ 3861.572519] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 2 misses | |
| [ 3861.575602] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 2 misses | |
| [ 3861.575690] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 2 misses | |
| [ 3861.575725] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 2 misses | |
| [ 3861.580433] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 1 misses | |
| [ 3861.581157] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 3 misses | |
| [ 3861.581868] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 2 misses | |
| [ 3861.581884] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 2 misses | |
| [ 3861.582422] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 2 misses | |
| [ 3861.585332] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 1 misses | |
| [ 3861.585381] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses | |
| [ 3861.585403] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 1 misses | |
| [ 3861.585451] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 1 misses | |
| [ 3861.585485] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 1 misses | |
| [ 3861.585508] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses | |
| [ 3861.592335] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: fstat syscall, 1 misses | |
| [ 3861.592349] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 1 misses | |
| [ 3861.592393] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 1 misses | |
| [ 3861.597580] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 1 misses | |
| [ 3861.597625] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses | |
| [ 3861.597644] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 1 misses | |
| [ 3861.597690] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 1 misses | |
| [ 3861.597722] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, 1 misses | |
| [ 3861.597744] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses | |
| [ 3861.603763] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 1 misses | |
| [ 3861.604134] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 2 misses | |
| [ 3861.604217] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 2 misses | |
| [ 3861.604226] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 2 misses | |
| [ 3861.604237] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 2 misses | |
| [ 3861.604241] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 2 misses | |
| [ 3863.546599] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 1 misses | |
| [ 3863.546619] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: fstat syscall, 2 misses | |
| [ 3863.546624] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 2 misses | |
| [ 3863.546632] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: close syscall, 3 misses | |
| [ 3863.546647] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: openat syscall, 4 misses | |
| [ 3863.546653] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: fstat syscall, 5 misses | |
| [ 3863.547350] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: wait4 syscall, 1 misses | |
| [ 3863.547490] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 2 misses | |
| [ 3863.547508] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: brk syscall, 3 misses | |
| [ 3863.547871] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 4 misses | |
| [ 3863.547915] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, 5 misses | |
| [ 3863.547922] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 4 misses | |
| [ 3863.547927] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 4 misses | |
| [ 3863.551935] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: exit syscall, 1 misses | |
| [ 3866.870383] Execve: /usr/bin/sudo, rmmod | |
| [ 3866.880235] Execve: /sbin/rmmod, hooks.ko | |
| [ 3866.880447] [+] Anomaly found: hooks.ko: brk syscall, 1 misses | |
| [ 3866.880497] [+] Anomaly found: hooks.ko: openat syscall, 1 misses | |
| [ 3866.880504] [+] Anomaly found: hooks.ko: fstat syscall, 2 misses | |
| [ 3866.880508] [+] Anomaly found: hooks.ko: mmap syscall, 2 misses | |
| [ 3866.893401] [+] onunload: sys_call_table unhooked | |
| [ 3866.893447] DB nodes freed: 906 | |
| [ 3866.893448] Syscalls counts: 2074203, Syscalls misses: 3557 | |
| [ 3866.893450] Trace nodes freed: 7 | |
| [ 3866.893451] Unloading complete! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment