Skip to content

Instantly share code, notes, and snippets.

@alastairparagas

alastairparagas/700-2.log

Last active June 21, 2020 23:09
Show Gist options
  • Save alastairparagas/2f33b71b722e54136cdab7502c4858d6 to your computer and use it in GitHub Desktop.
Save alastairparagas/2f33b71b722e54136cdab7502c4858d6 to your computer and use it in GitHub Desktop.
Download ZIP
700
Raw
700-2.log
[ 4191.895970] Anomaly Detection (Kernel Hook) - Alastair Paragas
[ 4191.904591] Syscall table address: 00000000c0647077
[ 4191.904595] sizeof(unsigned long long *): 8
[ 4191.904595] sizeof(sys_call_table) : 8
[ 4203.278393] Execve: /usr/bin/sudo, ./target
[ 4203.289339] Execve: ./target, rJgVdaRJqFc7fiCE7Q6M
[ 4216.942554] Execve: /usr/bin/sudo, ./target
[ 4216.952836] Execve: ./target, DR8wEkyRevYXlZMWvmvg
[ 4225.844816] Execve: /usr/bin/sudo, ./target
[ 4225.853263] Execve: ./target, ZeFeXLPHJNzfEwFBrhiW
[ 4237.905525] Execve: /usr/bin/sudo, ./target
[ 4237.917502] Execve: ./target, 7K2WZ67HF4ETsMIyeOiU
[ 4246.690093] Execve: /usr/bin/sudo, ./target
[ 4246.700277] Execve: ./target, vULPKZelg89oZAdN0epB
[ 4251.207725] [+] Anomaly found: vULPKZelg89oZAdN0epB: rename syscall, read->write->write->read->read->close->rename trace
[ 4251.208780] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, write->write->read->read->close->rename->read trace
[ 4251.209848] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, write->read->read->close->rename->read->read trace
[ 4251.209875] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, read->read->close->rename->read->read->openat trace
[ 4251.209950] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, read->close->rename->read->read->openat->clone trace
[ 4251.209992] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, close->rename->read->read->openat->clone->read trace
[ 4251.210002] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, rename->read->read->openat->clone->read->openat trace
[ 4251.210033] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, read->read->openat->clone->read->openat->exit trace
[ 4251.210072] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 4251.210090] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 4251.215596] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, exit->clone->read->openat->exit->clone->mprotect trace
[ 4251.215648] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4251.218644] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, read->openat->exit->clone->mprotect->mprotect->read trace
[ 4251.218678] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, openat->exit->clone->mprotect->mprotect->read->openat trace
[ 4251.221224] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, exit->clone->mprotect->mprotect->read->openat->exit trace
[ 4251.221308] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, clone->mprotect->mprotect->read->openat->exit->clone trace
[ 4251.221346] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, mprotect->mprotect->read->openat->exit->clone->read trace
[ 4251.221368] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, mprotect->read->openat->exit->clone->read->openat trace
[ 4251.228781] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 4251.229751] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, clone->read->openat->exit->clone->exit->read trace
[ 4251.229778] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, read->openat->exit->clone->exit->read->openat trace
[ 4251.231420] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, openat->exit->clone->exit->read->openat->clone trace
[ 4251.231463] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, exit->clone->exit->read->openat->clone->read trace
[ 4251.231483] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, clone->exit->read->openat->clone->read->openat trace
[ 4251.231525] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, exit->read->openat->clone->read->openat->exit trace
[ 4251.231550] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 4251.231568] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 4251.241103] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 4251.241763] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, clone->read->openat->exit->clone->exit->read trace
[ 4255.491851] Execve: /usr/bin/sudo, ./target
[ 4255.502177] Execve: ./target, q4fw1kn34W19Ne7qpfZI
[ 4259.909407] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: rename syscall, write->read->write->read->read->close->rename trace
[ 4259.909734] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->write->read->read->close->rename->read trace
[ 4259.909760] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, write->read->read->close->rename->read->openat trace
[ 4259.910132] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, read->read->close->rename->read->openat->clone trace
[ 4259.910180] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->close->rename->read->openat->clone->read trace
[ 4259.910197] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, close->rename->read->openat->clone->read->openat trace
[ 4259.910236] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, rename->read->openat->clone->read->openat->exit trace
[ 4264.180329] Execve: /usr/bin/sudo, ./target
[ 4264.185959] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, close->openat->fstat->mmap->fstat->munmap->fstat trace
[ 4264.186032] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->fstat->mmap->fstat->munmap->fstat->read trace
[ 4264.186051] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, fstat->mmap->fstat->munmap->fstat->read->openat trace
[ 4264.186086] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, mmap->fstat->munmap->fstat->read->openat->clone trace
[ 4264.186116] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, fstat->munmap->fstat->read->openat->clone->read trace
[ 4264.186126] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, munmap->fstat->read->openat->clone->read->openat trace
[ 4264.186155] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 4264.186965] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 4264.188345] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, clone->read->openat->exit->clone->close->read trace
[ 4264.188483] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, read->openat->exit->clone->close->read->openat trace
[ 4264.189432] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, openat->exit->clone->close->read->openat->openat trace
[ 4264.189461] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, exit->clone->close->read->openat->openat->fstat trace
[ 4264.189471] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mmap syscall, clone->close->read->openat->openat->fstat->mmap trace
[ 4264.191622] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, fstat->mmap->mprotect->mmap->close->openat->exit trace
[ 4264.191707] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, mmap->mprotect->mmap->close->openat->exit->clone trace
[ 4264.191744] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, mprotect->mmap->close->openat->exit->clone->read trace
[ 4264.191764] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, mmap->close->openat->exit->clone->read->openat trace
[ 4264.191808] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, close->openat->exit->clone->read->openat->exit trace
[ 4264.195489] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->openat->exit->clone->read->fstat->read trace
[ 4264.196445] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: write syscall, openat->exit->clone->read->fstat->read->write trace
[ 4264.196467] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, exit->clone->read->fstat->read->write->read trace
[ 4264.200753] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, read->read->read->write->read->read->openat trace
[ 4264.203406] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, close->openat->fstat->mmap->munmap->close->exit trace
[ 4264.203491] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, openat->fstat->mmap->munmap->close->exit->clone trace
[ 4264.203528] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, fstat->mmap->munmap->close->exit->clone->read trace
[ 4264.203550] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, mmap->munmap->close->exit->clone->read->openat trace
[ 4264.203596] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, munmap->close->exit->clone->read->openat->exit trace
[ 4264.203619] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, close->exit->clone->read->openat->exit->clone trace
[ 4264.206465] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4264.206478] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mmap syscall, read->openat->exit->clone->openat->fstat->mmap trace
[ 4264.207793] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->exit->clone->openat->fstat->mmap->read trace
[ 4264.207830] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, exit->clone->openat->fstat->mmap->read->openat trace
[ 4264.208838] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: munmap syscall, clone->openat->fstat->mmap->read->openat->munmap trace
[ 4264.208879] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: close syscall, openat->fstat->mmap->read->openat->munmap->close trace
[ 4264.208911] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, fstat->mmap->read->openat->munmap->close->openat trace
[ 4264.208933] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, mmap->read->openat->munmap->close->openat->fstat trace
[ 4264.208944] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mmap syscall, read->openat->munmap->close->openat->fstat->mmap trace
[ 4264.209932] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: munmap syscall, openat->munmap->close->openat->fstat->mmap->munmap trace
[ 4264.212134] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, mprotect->mmap->close->mprotect->openat->fstat->exit trace
[ 4264.212239] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, mmap->close->mprotect->openat->fstat->exit->clone trace
[ 4264.212298] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, close->mprotect->openat->fstat->exit->clone->read trace
[ 4264.212325] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, mprotect->openat->fstat->exit->clone->read->openat trace
[ 4264.212382] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, openat->fstat->exit->clone->read->openat->exit trace
[ 4264.212414] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, fstat->exit->clone->read->openat->exit->clone trace
[ 4264.220510] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: fstat syscall, openat->exit->clone->read->openat->read->fstat trace
[ 4264.221070] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mmap syscall, exit->clone->read->openat->read->fstat->mmap trace
[ 4264.221099] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: mprotect syscall, clone->read->openat->read->fstat->mmap->mprotect trace
[ 4264.224523] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, mmap->mmap->close->mprotect->read->openat->exit trace
[ 4264.224627] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, mmap->close->mprotect->read->openat->exit->clone trace
[ 4264.224677] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, close->mprotect->read->openat->exit->clone->read trace
[ 4264.241454] Execve: ./target, Z08SXrUu9lhMVRVWZ0Pn
[ 4274.367679] Execve: /usr/bin/sudo, ./target
[ 4274.376228] Execve: ./target, A6WoRXruEMEz89YBRK4v
[ 4276.310947] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: wait4 syscall, read->write->read->write->read->read->wait4 trace
[ 4276.313429] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 4276.313521] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, munmap->munmap->munmap->exit_group->read->openat->clone trace
[ 4276.313570] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, munmap->munmap->exit_group->read->openat->clone->read trace
[ 4276.313586] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, munmap->exit_group->read->openat->clone->read->openat trace
[ 4276.313631] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, exit_group->read->openat->clone->read->openat->exit trace
[ 4276.320132] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: wait4 syscall, exit->clone->read->openat->exit->clone->wait4 trace
[ 4276.321030] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, clone->read->openat->exit->clone->wait4->write trace
[ 4276.321221] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, read->openat->exit->clone->wait4->write->write trace
[ 4276.321238] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->exit->clone->wait4->write->write->read trace
[ 4276.321245] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->wait4->write->write->read->read trace
[ 4276.321308] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, clone->wait4->write->write->read->read->write trace
[ 4276.343331] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, clone->read->openat->exit->clone->read->exit trace
[ 4276.344442] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, read->openat->exit->clone->read->exit->write trace
[ 4276.344465] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->exit->clone->read->exit->write->read trace
[ 4276.345137] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, exit->clone->read->exit->write->read->write trace
[ 4276.345277] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->exit->write->read->write->read trace
[ 4276.347115] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, write->write->read->write->write->read->clone trace
[ 4276.347251] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4278.878984] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: mprotect syscall, write->write->read->close->rename->write->mprotect trace
[ 4278.879022] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: mprotect syscall, write->read->close->rename->write->mprotect->mprotect trace
[ 4278.879788] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, read->close->rename->write->mprotect->mprotect->write trace
[ 4278.879993] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, close->rename->write->mprotect->mprotect->write->read trace
[ 4278.880020] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, rename->write->mprotect->mprotect->write->read->openat trace
[ 4278.881853] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, mprotect->write->read->openat->read->write->clone trace
[ 4278.887226] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, read->openat->exit->clone->read->read->write trace
[ 4278.887324] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, openat->exit->clone->read->read->write->write trace
[ 4278.887332] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, exit->clone->read->read->write->write->write trace
[ 4278.887345] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->read->write->write->write->read trace
[ 4278.888624] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, write->write->read->read->read->openat->exit trace
[ 4278.888706] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, write->read->read->read->openat->exit->clone trace
[ 4278.888745] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->read->read->openat->exit->clone->read trace
[ 4278.888764] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4282.887383] Execve: /usr/bin/sudo, ./target
[ 4282.898886] Execve: ./target, GSHGSSQCtwnukMSFSMUo
[ 4284.839866] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: wait4 syscall, munmap->exit_group->write->read->write->read->wait4 trace
[ 4284.840281] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, exit_group->write->read->write->read->wait4->write trace
[ 4284.841515] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->read->write->read->wait4->write->read trace
[ 4284.841617] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, read->write->read->wait4->write->read->openat trace
[ 4284.841775] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, write->read->wait4->write->read->openat->clone trace
[ 4284.841828] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->wait4->write->read->openat->clone->read trace
[ 4284.841849] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, wait4->write->read->openat->clone->read->openat trace
[ 4294.399676] Execve: /usr/bin/sudo, ./target
[ 4294.409741] Execve: ./target, hPgukk0ZQaDx2J5mb0hO
[ 4303.019296] Execve: /usr/bin/sudo, ./target
[ 4303.028082] Execve: ./target, dXjO1qNOb3I3OFvlJKy2
[ 4304.810078] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: wait4 syscall, write->write->write->read->read->write->wait4 trace
[ 4304.810614] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, write->write->read->read->write->wait4->write trace
[ 4304.810685] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, write->read->read->write->wait4->write->write trace
[ 4304.810692] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, read->read->write->wait4->write->write->read trace
[ 4304.810697] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, read->write->wait4->write->write->read->read trace
[ 4304.810701] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, write->wait4->write->write->read->read->write trace
[ 4312.899900] Execve: /usr/bin/sudo, ./target
[ 4312.910586] Execve: ./target, 7dM3nU58rlXLP8VhY7PQ
[ 4312.911737] Execve: /bin/sh, yarr
[ 4312.912493] [+] Anomaly found: yarr: exit_group syscall, write->write->read->read->write->read->exit_group trace
[ 4312.912573] [+] Anomaly found: yarr: write syscall, write->read->read->write->read->exit_group->write trace
[ 4312.912585] [+] Anomaly found: yarr: read syscall, read->read->write->read->exit_group->write->read trace
[ 4312.912590] [+] Anomaly found: yarr: read syscall, read->write->read->exit_group->write->read->read trace
[ 4312.912599] [+] Anomaly found: yarr: wait4 syscall, write->read->exit_group->write->read->read->wait4 trace
[ 4312.912630] [+] Anomaly found: yarr: close syscall, read->exit_group->write->read->read->wait4->close trace
[ 4312.924212] [+] Anomaly found: yarr: wait4 syscall, clone->read->openat->exit->clone->read->wait4 trace
[ 4312.925249] [+] Anomaly found: yarr: write syscall, read->openat->exit->clone->read->wait4->write trace
[ 4312.925305] [+] Anomaly found: yarr: write syscall, openat->exit->clone->read->wait4->write->write trace
[ 4312.925315] [+] Anomaly found: yarr: read syscall, exit->clone->read->wait4->write->write->read trace
[ 4312.925323] [+] Anomaly found: yarr: read syscall, clone->read->wait4->write->write->read->read trace
[ 4312.927824] [+] Anomaly found: yarr: exit syscall, read->read->write->read->read->openat->exit trace
[ 4312.929162] [+] Anomaly found: yarr: read syscall, read->write->read->read->openat->exit->read trace
[ 4312.929648] [+] Anomaly found: yarr: clone syscall, write->read->read->openat->exit->read->clone trace
[ 4312.929688] [+] Anomaly found: yarr: read syscall, read->read->openat->exit->read->clone->read trace
[ 4312.929708] [+] Anomaly found: yarr: openat syscall, read->openat->exit->read->clone->read->openat trace
[ 4312.929749] [+] Anomaly found: yarr: exit syscall, openat->exit->read->clone->read->openat->exit trace
[ 4312.929772] [+] Anomaly found: yarr: clone syscall, exit->read->clone->read->openat->exit->clone trace
[ 4312.937766] [+] Anomaly found: yarr: write syscall, read->openat->exit->clone->write->read->write trace
[ 4312.937929] [+] Anomaly found: yarr: write syscall, openat->exit->clone->write->read->write->write trace
[ 4312.937936] [+] Anomaly found: yarr: write syscall, exit->clone->write->read->write->write->write trace
[ 4312.938038] [+] Anomaly found: yarr: read syscall, clone->write->read->write->write->write->read trace
[ 4312.940291] [+] Anomaly found: yarr: exit syscall, write->write->read->read->read->openat->exit trace
[ 4312.940391] [+] Anomaly found: yarr: clone syscall, write->read->read->read->openat->exit->clone trace
[ 4312.940433] [+] Anomaly found: yarr: read syscall, read->read->read->openat->exit->clone->read trace
[ 4312.940455] [+] Anomaly found: yarr: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4317.956020] [+] Anomaly found: yarr: close syscall, read->write->read->mmap->mprotect->mprotect->close trace
[ 4317.956040] [+] Anomaly found: yarr: rename syscall, write->read->mmap->mprotect->mprotect->close->rename trace
[ 4317.956553] [+] Anomaly found: yarr: read syscall, read->mmap->mprotect->mprotect->close->rename->read trace
[ 4317.956582] [+] Anomaly found: yarr: openat syscall, mmap->mprotect->mprotect->close->rename->read->openat trace
[ 4317.957598] [+] Anomaly found: yarr: write syscall, mprotect->mprotect->close->rename->read->openat->write trace
[ 4317.957641] [+] Anomaly found: yarr: read syscall, mprotect->close->rename->read->openat->write->read trace
[ 4317.957956] [+] Anomaly found: yarr: write syscall, close->rename->read->openat->write->read->write trace
[ 4317.958016] [+] Anomaly found: yarr: write syscall, rename->read->openat->write->read->write->write trace
[ 4317.958589] [+] Anomaly found: yarr: clone syscall, read->write->write->read->read->fstat->clone trace
[ 4317.958633] [+] Anomaly found: yarr: read syscall, write->write->read->read->fstat->clone->read trace
[ 4317.958651] [+] Anomaly found: yarr: openat syscall, write->read->read->fstat->clone->read->openat trace
[ 4317.958692] [+] Anomaly found: yarr: exit syscall, read->read->fstat->clone->read->openat->exit trace
[ 4317.958722] [+] Anomaly found: yarr: clone syscall, read->fstat->clone->read->openat->exit->clone trace
[ 4317.958741] [+] Anomaly found: yarr: read syscall, fstat->clone->read->openat->exit->clone->read trace
[ 4317.965487] [+] Anomaly found: yarr: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4317.965504] [+] Anomaly found: yarr: mprotect syscall, read->openat->exit->clone->mprotect->mprotect->mprotect trace
[ 4317.965516] [+] Anomaly found: yarr: mprotect syscall, openat->exit->clone->mprotect->mprotect->mprotect->mprotect trace
[ 4317.965719] [+] Anomaly found: yarr: mprotect syscall, exit->clone->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.965835] [+] Anomaly found: yarr: mprotect syscall, clone->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.968008] [+] Anomaly found: yarr: exit syscall, mprotect->mprotect->mprotect->mprotect->mprotect->mprotect->exit trace
[ 4317.968046] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->mprotect->mprotect->mprotect->exit->mprotect trace
[ 4317.968055] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->mprotect->mprotect->exit->mprotect->mprotect trace
[ 4317.968148] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->mprotect->exit->mprotect->mprotect->mprotect trace
[ 4317.968158] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4317.968164] [+] Anomaly found: yarr: mprotect syscall, mprotect->exit->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.968171] [+] Anomaly found: yarr: mprotect syscall, exit->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.972908] [+] Anomaly found: yarr: clone syscall, mprotect->mprotect->mprotect->mprotect->read->openat->clone trace
[ 4317.972953] [+] Anomaly found: yarr: read syscall, mprotect->mprotect->mprotect->read->openat->clone->read trace
[ 4317.972975] [+] Anomaly found: yarr: openat syscall, mprotect->mprotect->read->openat->clone->read->openat trace
[ 4317.973019] [+] Anomaly found: yarr: exit syscall, mprotect->read->openat->clone->read->openat->exit trace
[ 4317.981575] [+] Anomaly found: yarr: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4317.981588] [+] Anomaly found: yarr: mprotect syscall, read->openat->exit->clone->mprotect->mprotect->mprotect trace
[ 4317.981597] [+] Anomaly found: yarr: mprotect syscall, openat->exit->clone->mprotect->mprotect->mprotect->mprotect trace
[ 4317.981702] [+] Anomaly found: yarr: mprotect syscall, exit->clone->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.981713] [+] Anomaly found: yarr: mprotect syscall, clone->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4317.982797] [+] Anomaly found: yarr: exit syscall, mprotect->mprotect->mprotect->mprotect->mprotect->mprotect->exit trace
[ 4317.983314] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->mprotect->mprotect->mprotect->exit->mprotect trace
[ 4317.983339] [+] Anomaly found: yarr: mprotect syscall, mprotect->mprotect->mprotect->mprotect->exit->mprotect->mprotect trace
[ 4317.984430] [+] Anomaly found: yarr: read syscall, mprotect->mprotect->mprotect->exit->mprotect->mprotect->read trace
[ 4317.984461] [+] Anomaly found: yarr: openat syscall, mprotect->mprotect->exit->mprotect->mprotect->read->openat trace
[ 4317.986232] [+] Anomaly found: yarr: clone syscall, mprotect->exit->mprotect->mprotect->read->openat->clone trace
[ 4317.986275] [+] Anomaly found: yarr: read syscall, exit->mprotect->mprotect->read->openat->clone->read trace
[ 4317.986296] [+] Anomaly found: yarr: openat syscall, mprotect->mprotect->read->openat->clone->read->openat trace
[ 4317.986337] [+] Anomaly found: yarr: exit syscall, mprotect->read->openat->clone->read->openat->exit trace
[ 4318.109233] [+] Anomaly found: yarr: openat syscall, openat->exit->clone->exit->write->read->openat trace
[ 4318.109262] [+] Anomaly found: yarr: read syscall, exit->clone->exit->write->read->openat->read trace
[ 4318.109275] [+] Anomaly found: yarr: read syscall, clone->exit->write->read->openat->read->read trace
[ 4318.115427] [+] Anomaly found: yarr: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4318.124815] [+] Anomaly found: yarr: exit syscall, clone->read->read->read->read->write->exit trace
[ 4318.125196] [+] Anomaly found: yarr: read syscall, read->read->read->read->write->exit->read trace
[ 4318.125460] [+] Anomaly found: yarr: write syscall, read->read->read->write->exit->read->write trace
[ 4318.125497] [+] Anomaly found: yarr: write syscall, read->read->write->exit->read->write->write trace
[ 4318.132756] [+] Anomaly found: yarr: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4318.135747] [+] Anomaly found: yarr: write syscall, read->openat->exit->clone->write->write->write trace
[ 4318.135755] [+] Anomaly found: yarr: write syscall, openat->exit->clone->write->write->write->write trace
[ 4318.135823] [+] Anomaly found: yarr: write syscall, exit->clone->write->write->write->write->write trace
[ 4318.135852] [+] Anomaly found: yarr: read syscall, clone->write->write->write->write->write->read trace
[ 4318.138598] [+] Anomaly found: yarr: exit syscall, read->openat->read->read->read->write->exit trace
[ 4318.138682] [+] Anomaly found: yarr: clone syscall, openat->read->read->read->write->exit->clone trace
[ 4318.138719] [+] Anomaly found: yarr: read syscall, read->read->read->write->exit->clone->read trace
[ 4318.138739] [+] Anomaly found: yarr: openat syscall, read->read->write->exit->clone->read->openat trace
[ 4318.138814] [+] Anomaly found: yarr: clone syscall, write->exit->clone->read->openat->exit->clone trace
[ 4318.140758] [+] Anomaly found: yarr: write syscall, read->openat->exit->clone->read->write->write trace
[ 4318.140764] [+] Anomaly found: yarr: write syscall, openat->exit->clone->read->write->write->write trace
[ 4318.140768] [+] Anomaly found: yarr: write syscall, exit->clone->read->write->write->write->write trace
[ 4318.140810] [+] Anomaly found: yarr: write syscall, clone->read->write->write->write->write->write trace
[ 4318.146944] [+] Anomaly found: yarr: exit syscall, read->read->read->read->write->read->exit trace
[ 4318.147034] [+] Anomaly found: yarr: clone syscall, read->read->read->write->read->exit->clone trace
[ 4318.147073] [+] Anomaly found: yarr: read syscall, read->read->write->read->exit->clone->read trace
[ 4318.147093] [+] Anomaly found: yarr: openat syscall, read->write->read->exit->clone->read->openat trace
[ 4318.150654] [+] Anomaly found: yarr: write syscall, read->openat->exit->clone->write->write->write trace
[ 4318.150661] [+] Anomaly found: yarr: write syscall, openat->exit->clone->write->write->write->write trace
[ 4318.150717] [+] Anomaly found: yarr: write syscall, exit->clone->write->write->write->write->write trace
[ 4318.150742] [+] Anomaly found: yarr: read syscall, clone->write->write->write->write->write->read trace
[ 4318.154632] [+] Anomaly found: yarr: clone syscall, write->write->write->write->read->exit->clone trace
[ 4324.797317] Execve: /usr/bin/sudo, ./target
[ 4324.803704] [+] Anomaly found: yarr: fstat syscall, mprotect->mmap->mmap->close->mprotect->mprotect->fstat trace
[ 4324.803783] [+] Anomaly found: yarr: read syscall, mmap->mmap->close->mprotect->mprotect->fstat->read trace
[ 4324.803804] [+] Anomaly found: yarr: openat syscall, mmap->close->mprotect->mprotect->fstat->read->openat trace
[ 4324.803845] [+] Anomaly found: yarr: clone syscall, close->mprotect->mprotect->fstat->read->openat->clone trace
[ 4324.803875] [+] Anomaly found: yarr: read syscall, mprotect->mprotect->fstat->read->openat->clone->read trace
[ 4324.803884] [+] Anomaly found: yarr: openat syscall, mprotect->fstat->read->openat->clone->read->openat trace
[ 4324.803912] [+] Anomaly found: yarr: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 4324.806289] [+] Anomaly found: yarr: munmap syscall, exit->clone->read->openat->exit->clone->munmap trace
[ 4324.806349] [+] Anomaly found: yarr: openat syscall, clone->read->openat->exit->clone->munmap->openat trace
[ 4324.806366] [+] Anomaly found: yarr: read syscall, read->openat->exit->clone->munmap->openat->read trace
[ 4324.806376] [+] Anomaly found: yarr: fstat syscall, openat->exit->clone->munmap->openat->read->fstat trace
[ 4324.806973] [+] Anomaly found: yarr: mmap syscall, exit->clone->munmap->openat->read->fstat->mmap trace
[ 4324.807368] [+] Anomaly found: yarr: mprotect syscall, clone->munmap->openat->read->fstat->mmap->mprotect trace
[ 4324.810452] [+] Anomaly found: yarr: exit syscall, close->openat->fstat->read->openat->read->exit trace
[ 4324.810541] [+] Anomaly found: yarr: clone syscall, openat->fstat->read->openat->read->exit->clone trace
[ 4324.810581] [+] Anomaly found: yarr: read syscall, fstat->read->openat->read->exit->clone->read trace
[ 4324.810600] [+] Anomaly found: yarr: openat syscall, read->openat->read->exit->clone->read->openat trace
[ 4324.810646] [+] Anomaly found: yarr: exit syscall, openat->read->exit->clone->read->openat->exit trace
[ 4324.823407] [+] Anomaly found: yarr: close syscall, write->read->write->write->read->exit->close trace
[ 4324.823455] [+] Anomaly found: yarr: close syscall, read->write->write->read->exit->close->close trace
[ 4324.823488] [+] Anomaly found: yarr: fstat syscall, write->write->read->exit->close->close->fstat trace
[ 4324.823575] [+] Anomaly found: yarr: openat syscall, write->read->exit->close->close->fstat->openat trace
[ 4324.823590] [+] Anomaly found: yarr: fstat syscall, read->exit->close->close->fstat->openat->fstat trace
[ 4324.823595] [+] Anomaly found: yarr: mmap syscall, exit->close->close->fstat->openat->fstat->mmap trace
[ 4324.824903] Execve: ./target, lEiTPQ31HjpuxO3Gcn3m
[ 4324.836461] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, read->openat->exit->write->read->close->fstat trace
[ 4324.836475] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, openat->exit->write->read->close->fstat->write trace
[ 4324.836513] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->write->read->close->fstat->write->write trace
[ 4324.839484] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->write->write->write->read->openat->clone trace
[ 4324.849305] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->openat->exit->clone->write->exit trace
[ 4324.852982] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->openat->exit->clone->write->exit->read trace
[ 4324.853023] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, openat->exit->clone->write->exit->read->openat trace
[ 4324.854677] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, exit->clone->write->exit->read->openat->clone trace
[ 4324.854728] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->write->exit->read->openat->clone->read trace
[ 4324.860862] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->openat->exit->clone->read->read->write trace
[ 4324.860875] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, openat->exit->clone->read->read->write->write trace
[ 4324.860880] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->read->write->write->write trace
[ 4324.860885] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->read->read->write->write->write->write trace
[ 4324.865741] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->write->write->read->exit->read->clone trace
[ 4324.865826] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->write->read->exit->read->clone->read trace
[ 4324.865848] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, write->read->exit->read->clone->read->openat trace
[ 4324.865891] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->exit->read->clone->read->openat->exit trace
[ 4324.865918] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, exit->read->clone->read->openat->exit->clone trace
[ 4324.871626] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->openat->exit->clone->write->read->write trace
[ 4324.871642] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, openat->exit->clone->write->read->write->write trace
[ 4324.871648] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->write->read->write->write->write trace
[ 4324.871654] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->write->read->write->write->write->write trace
[ 4324.884046] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->write->read->read->write->read->clone trace
[ 4324.884160] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->read->clone->read->openat->write trace
[ 4324.884172] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->read->clone->read->openat->write->write trace
[ 4324.884185] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->clone->read->openat->write->write->write trace
[ 4324.884190] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.884709] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.884718] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.884726] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.884733] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->read->openat->write->write->write->write trace
[ 4324.884932] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->write->exit->clone trace
[ 4324.884986] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.884999] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.885004] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.885008] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.885189] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->write->read->write->write->exit trace
[ 4324.885219] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->write->write->exit->clone trace
[ 4324.885239] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->write->write->exit->clone->read trace
[ 4324.885250] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->write->write->exit->clone->read->openat trace
[ 4324.885277] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.885286] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.885298] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.885302] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.885564] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.885569] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->exit->clone->read->openat->write->read trace
[ 4324.885573] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->read->read trace
[ 4324.885576] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->read->openat->write->read->read->write trace
[ 4324.885775] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->write->exit->clone trace
[ 4324.885827] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.885840] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.885844] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.885848] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.886040] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->write->exit->clone trace
[ 4324.886086] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.886101] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.886105] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.886109] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.886276] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->write->read->write->write->exit trace
[ 4324.886304] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->write->write->exit->clone trace
[ 4324.886323] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->write->write->exit->clone->read trace
[ 4324.886333] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->write->write->exit->clone->read->openat trace
[ 4324.886355] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.886371] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.886375] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.886379] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.886638] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.886649] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->exit->clone->read->openat->write->read trace
[ 4324.886653] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->read->read trace
[ 4324.886657] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->read->openat->write->read->read->write trace
[ 4324.886906] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.886916] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.886928] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.886932] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.887091] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, write->write->read->read->write->read->exit trace
[ 4324.887115] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->read->write->read->exit->clone trace
[ 4324.887133] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->write->read->exit->clone->read trace
[ 4324.887143] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->write->read->exit->clone->read->openat trace
[ 4324.887165] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->read->exit->clone->read->openat->write trace
[ 4324.887176] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->exit->clone->read->openat->write->write trace
[ 4324.887187] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.887191] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.887436] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.887450] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.887454] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.887458] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.887699] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.887714] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.887718] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.887722] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.887959] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.887968] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.887980] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.887985] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.888219] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.888228] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.888240] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.888244] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.888474] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.888483] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.888495] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, exit->clone->read->openat->write->write->write trace
[ 4324.888500] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->write->read trace
[ 4324.888717] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.888722] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->exit->clone->read->openat->write->read trace
[ 4324.888726] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->read->read trace
[ 4324.888729] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->read->openat->write->read->read->write trace
[ 4324.888925] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->write->exit->clone trace
[ 4324.888975] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.888989] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.888993] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.888997] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.889185] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->write->exit->clone trace
[ 4324.889236] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.889250] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.889254] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.889258] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.889499] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->write->exit->clone->read->openat->write trace
[ 4324.889514] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.889518] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.889522] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.889994] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->write->write->write->write->exit->clone trace
[ 4324.890078] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.890095] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.890100] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.890105] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.890436] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->write->read->write->write->exit trace
[ 4324.891487] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->write->write->exit->clone trace
[ 4324.892364] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->write->write->exit->clone->read trace
[ 4324.892404] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->write->write->exit->clone->read->openat trace
[ 4324.892474] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->write->exit->clone->read->openat->write trace
[ 4324.892547] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, write->exit->clone->read->openat->write->write trace
[ 4324.892565] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->openat->write->write->read trace
[ 4324.892574] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->openat->write->write->read->read trace
[ 4324.900092] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->write->read->exit->clone trace
[ 4324.910951] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->openat->read->write->read->exit trace
[ 4324.911018] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->openat->read->write->read->exit->clone trace
[ 4324.911055] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, openat->read->write->read->exit->clone->read trace
[ 4324.911074] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->write->read->exit->clone->read->openat trace
[ 4324.917668] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->openat->exit->clone->read->openat->write trace
[ 4324.917690] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, openat->exit->clone->read->openat->write->read trace
[ 4324.917774] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, exit->clone->read->openat->write->read->exit trace
[ 4324.917794] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, clone->read->openat->write->read->exit->clone trace
[ 4326.870252] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: wait4 syscall, munmap->munmap->munmap->exit_group->write->read->wait4 trace
[ 4326.870657] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, munmap->munmap->exit_group->write->read->wait4->write trace
[ 4326.871719] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, munmap->exit_group->write->read->wait4->write->read trace
[ 4326.871730] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit_group->write->read->wait4->write->read->read trace
[ 4326.871737] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->wait4->write->read->read->read trace
[ 4326.872012] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->read->read->read->openat->clone trace
[ 4326.882177] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->read->read->write->read->exit trace
[ 4326.882272] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->read->read->write->read->exit->write trace
[ 4326.883252] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->read->write->read->exit->write->write trace
[ 4326.886055] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->write->read->exit->write->write->read trace
[ 4326.888056] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4326.892965] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, clone->read->openat->exit->clone->read->mprotect trace
[ 4326.893161] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, read->openat->exit->clone->read->mprotect->mprotect trace
[ 4326.894754] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, openat->exit->clone->read->mprotect->mprotect->read trace
[ 4326.894874] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->read->mprotect->mprotect->read->read trace
[ 4326.894881] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->read->mprotect->mprotect->read->read->read trace
[ 4326.896668] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->write->read->openat->read->exit trace
[ 4326.898412] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->openat->read->exit->clone trace
[ 4326.898454] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->openat->read->exit->clone->read trace
[ 4326.898475] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->openat->read->exit->clone->read->openat trace
[ 4326.898516] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, openat->read->exit->clone->read->openat->exit trace
[ 4326.907148] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, write->write->read->read->write->read->exit trace
[ 4326.908047] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, write->read->read->write->read->exit->mprotect trace
[ 4326.908180] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, read->read->write->read->exit->mprotect->mprotect trace
[ 4326.908210] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->write->read->exit->mprotect->mprotect->read trace
[ 4326.908235] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, write->read->exit->mprotect->mprotect->read->openat trace
[ 4326.910198] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->exit->mprotect->mprotect->read->openat->clone trace
[ 4326.910257] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->mprotect->mprotect->read->openat->clone->read trace
[ 4326.910423] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, mprotect->mprotect->read->openat->clone->read->openat trace
[ 4326.910482] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, mprotect->read->openat->clone->read->openat->exit trace
[ 4326.921576] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, write->read->write->read->write->read->exit trace
[ 4326.924276] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->write->read->write->read->exit->read trace
[ 4326.924362] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, write->read->write->read->exit->read->openat trace
[ 4326.927045] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->exit->read->openat->clone trace
[ 4326.934555] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->read->read->write->read->exit trace
[ 4326.934850] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->read->write->read->exit->read trace
[ 4326.934862] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->write->read->exit->read->read trace
[ 4326.934868] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->write->read->exit->read->read->read trace
[ 4326.945173] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->read->read->write->read->exit trace
[ 4326.947923] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->read->write->read->exit->read trace
[ 4326.947954] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->read->write->read->exit->read->openat trace
[ 4326.950150] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->exit->read->openat->clone trace
[ 4326.958174] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->read->read->write->read->exit trace
[ 4326.959950] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->read->write->read->exit->read trace
[ 4326.959978] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->read->write->read->exit->read->openat trace
[ 4326.961614] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->exit->read->openat->clone trace
[ 4326.965262] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->openat->exit->clone->write->read->write trace
[ 4326.965270] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, openat->exit->clone->write->read->write->write trace
[ 4326.965277] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, exit->clone->write->read->write->write->read trace
[ 4326.967091] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, clone->write->read->write->write->read->read trace
[ 4326.969342] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, read->read->write->read->read->openat->exit trace
[ 4326.971082] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->read->openat->exit->clone trace
[ 4326.971141] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, write->read->read->openat->exit->clone->read trace
[ 4326.971169] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4326.980354] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->read->read->write->read->exit trace
[ 4326.982906] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->read->write->read->exit->read trace
[ 4326.982918] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->write->read->exit->read->read trace
[ 4326.982924] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->write->read->exit->read->read->read trace
[ 4326.991999] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, clone->read->read->read->write->read->exit trace
[ 4326.992292] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->read->read->write->read->exit->read trace
[ 4326.992349] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->read->write->read->exit->read->openat trace
[ 4326.994061] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->write->read->exit->read->openat->clone trace
[ 4329.375082] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, write->write->read->read->close->rename->mprotect trace
[ 4329.375108] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, write->read->read->close->rename->mprotect->mprotect trace
[ 4329.375118] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, read->read->close->rename->mprotect->mprotect->mprotect trace
[ 4329.375127] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, read->close->rename->mprotect->mprotect->mprotect->mprotect trace
[ 4329.375214] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, close->rename->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4329.375225] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, rename->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4329.382289] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, mprotect->mprotect->mprotect->mprotect->mprotect->mprotect->clone trace
[ 4329.382340] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, mprotect->mprotect->mprotect->mprotect->mprotect->clone->read trace
[ 4329.382363] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, mprotect->mprotect->mprotect->mprotect->clone->read->openat trace
[ 4329.382407] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, mprotect->mprotect->mprotect->clone->read->openat->exit trace
[ 4329.382435] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, mprotect->mprotect->clone->read->openat->exit->clone trace
[ 4329.387760] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4329.391734] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->openat->exit->clone->mprotect->mprotect->read trace
[ 4329.391766] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, openat->exit->clone->mprotect->mprotect->read->openat trace
[ 4329.392933] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, exit->clone->mprotect->mprotect->read->openat->exit trace
[ 4329.393021] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, clone->mprotect->mprotect->read->openat->exit->clone trace
[ 4333.232611] Execve: /usr/bin/sudo, ./target
[ 4333.239146] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, mprotect->openat->read->fstat->mmap->mprotect->fstat trace
[ 4333.239221] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, openat->read->fstat->mmap->mprotect->fstat->read trace
[ 4333.239240] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->fstat->mmap->mprotect->fstat->read->openat trace
[ 4333.239283] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, fstat->mmap->mprotect->fstat->read->openat->clone trace
[ 4333.239314] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, mmap->mprotect->fstat->read->openat->clone->read trace
[ 4333.239324] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, mprotect->fstat->read->openat->clone->read->openat trace
[ 4333.239353] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 4333.242465] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mmap syscall, exit->clone->read->openat->exit->clone->mmap trace
[ 4333.242507] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, clone->read->openat->exit->clone->mmap->close trace
[ 4333.242541] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, read->openat->exit->clone->mmap->close->openat trace
[ 4333.242559] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, openat->exit->clone->mmap->close->openat->fstat trace
[ 4333.242565] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mmap syscall, exit->clone->mmap->close->openat->fstat->mmap trace
[ 4333.242573] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, clone->mmap->close->openat->fstat->mmap->close trace
[ 4333.247747] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, read->close->close->clone->close->read->write trace
[ 4333.247774] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, close->close->clone->close->read->write->read trace
[ 4333.248159] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, close->clone->close->read->write->read->write trace
[ 4333.248196] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, clone->close->read->write->read->write->write trace
[ 4333.249952] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, write->read->write->exit->read->openat->clone trace
[ 4333.250693] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4333.250700] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 4333.250708] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 4333.250727] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, exit->clone->openat->fstat->read->close->openat trace
[ 4333.250735] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, clone->openat->fstat->read->close->openat->fstat trace
[ 4333.256974] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 4333.257037] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, clone->read->openat->exit->clone->close->close trace
[ 4333.257060] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, read->openat->exit->clone->close->close->close trace
[ 4333.257065] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, openat->exit->clone->close->close->close->close trace
[ 4333.257071] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, exit->clone->close->close->close->close->openat trace
[ 4333.257099] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, clone->close->close->close->close->openat->fstat trace
[ 4333.257160] Execve: ./target, saEmNjkM4hUXypeYtRTu
[ 4333.261363] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, brk->close->close->execve->read->openat->read trace
[ 4333.261374] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, close->close->execve->read->openat->read->close trace
[ 4333.261541] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, close->execve->read->openat->read->close->exit trace
[ 4333.261620] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, execve->read->openat->read->close->exit->clone trace
[ 4333.261713] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->close->exit->clone->read->openat->exit trace
[ 4333.261736] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, close->exit->clone->read->openat->exit->clone trace
[ 4333.262057] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, clone->read->openat->exit->read->openat->clone trace
[ 4333.264129] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, exit->clone->read->openat->exit->clone->mmap trace
[ 4333.267677] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, clone->read->openat->exit->clone->mmap->read trace
[ 4333.267756] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->openat->exit->clone->mmap->read->openat trace
[ 4333.271093] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, openat->exit->clone->mmap->read->openat->mmap trace
[ 4333.271105] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, exit->clone->mmap->read->openat->mmap->mmap trace
[ 4333.271774] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, clone->mmap->read->openat->mmap->mmap->mprotect trace
[ 4333.271889] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: open syscall, openat->mmap->mmap->mprotect->mmap->mprotect->open trace
[ 4333.272434] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, fstat->mmap->mmap->mprotect->mmap->close->exit trace
[ 4333.272515] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, mmap->mmap->mprotect->mmap->close->exit->clone trace
[ 4333.272552] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mmap->mprotect->mmap->close->exit->clone->read trace
[ 4333.272572] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mprotect->mmap->close->exit->clone->read->openat trace
[ 4333.272615] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, mmap->close->exit->clone->read->openat->exit trace
[ 4333.272642] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, close->exit->clone->read->openat->exit->clone trace
[ 4333.280962] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->openat->exit->clone->openat->read->fstat trace
[ 4333.280972] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, openat->exit->clone->openat->read->fstat->mmap trace
[ 4333.280986] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, exit->clone->openat->read->fstat->mmap->mprotect trace
[ 4333.281003] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, clone->openat->read->fstat->mmap->mprotect->mmap trace
[ 4333.283578] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, fstat->read->brk->brk->read->read->exit trace
[ 4333.283949] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->brk->brk->read->read->exit->read trace
[ 4333.283961] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, brk->brk->read->read->exit->read->read trace
[ 4333.284191] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, brk->read->read->exit->read->read->read trace
[ 4333.292664] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, read->openat->exit->clone->read->read->close trace
[ 4333.292695] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, openat->exit->clone->read->read->close->fstat trace
[ 4333.292709] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->read->read->close->fstat->write trace
[ 4333.292758] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->read->read->close->fstat->write->write trace
[ 4333.294870] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, openat->write->read->read->write->read->exit trace
[ 4333.294966] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->read->read->write->read->exit->clone trace
[ 4333.295008] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->read->write->read->exit->clone->read trace
[ 4333.295031] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->write->read->exit->clone->read->openat trace
[ 4333.298153] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->write->write->write trace
[ 4333.298165] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->write->write->write->write trace
[ 4333.298172] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->write->write->write->write->write trace
[ 4333.298179] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->write->write->write->write->write->write trace
[ 4333.302433] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->write->read->openat->exit->clone trace
[ 4333.308500] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->write->write->write trace
[ 4333.308577] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->write->write->write->write trace
[ 4333.308589] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->write->write->write->write->write trace
[ 4333.308604] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->write->write->write->write->write->write trace
[ 4333.309297] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->write->read->openat->exit->clone trace
[ 4333.313204] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->write->write->write trace
[ 4333.313232] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->write->write->write->write trace
[ 4333.313251] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->write->write->write->write->write trace
[ 4333.313268] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->write->write->write->write->write->write trace
[ 4333.323925] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->write->write->write->write->clone trace
[ 4333.324102] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->clone->read->openat->exit->clone trace
[ 4333.343326] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->exit->read->write trace
[ 4333.343677] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->exit->clone->exit->read->write->read trace
[ 4333.348944] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->exit->read->write->read->read trace
[ 4333.348966] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, clone->exit->read->write->read->read->read trace
[ 4333.352272] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->write->write->write->write->clone trace
[ 4333.352411] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->clone->read->openat->exit->clone trace
[ 4335.356509] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, munmap->exit_group->wait4->write->write->read->write trace
[ 4335.356653] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit_group->wait4->write->write->read->write->read trace
[ 4335.356673] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, wait4->write->write->read->write->read->read trace
[ 4335.359791] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->read->read->read->openat->clone trace
[ 4335.386981] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->exit->read->write trace
[ 4335.387004] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->exit->clone->exit->read->write->read trace
[ 4335.387097] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->exit->read->write->read->write trace
[ 4335.387170] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->exit->read->write->read->write->write trace
[ 4335.389605] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->read->read->read->openat->clone trace
[ 4335.394830] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->write->read->write trace
[ 4335.395200] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->exit->clone->write->read->write->read trace
[ 4335.395755] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->write->read->write->read->read trace
[ 4335.395783] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, clone->write->read->write->read->read->openat trace
[ 4335.395831] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, write->read->write->read->read->openat->exit trace
[ 4335.395905] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->write->read->read->openat->exit->clone trace
[ 4335.395936] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->read->read->openat->exit->clone->read trace
[ 4335.395946] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4335.414699] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->exit->write->write trace
[ 4335.414773] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->exit->clone->exit->write->write->read trace
[ 4335.420453] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->exit->write->write->read->read trace
[ 4335.420485] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, clone->exit->write->write->read->read->openat trace
[ 4335.422797] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, exit->write->write->read->read->openat->clone trace
[ 4335.436801] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, openat->exit->clone->write->read->exit->mprotect trace
[ 4335.436876] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, exit->clone->write->read->exit->mprotect->mprotect trace
[ 4335.437121] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, clone->write->read->exit->mprotect->mprotect->mprotect trace
[ 4335.437153] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, write->read->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4335.438038] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, read->exit->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4335.438089] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, exit->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4335.441490] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, mprotect->mprotect->mprotect->mprotect->read->openat->clone trace
[ 4335.441540] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mprotect->mprotect->mprotect->read->openat->clone->read trace
[ 4335.441563] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mprotect->mprotect->read->openat->clone->read->openat trace
[ 4335.441611] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, mprotect->read->openat->clone->read->openat->exit trace
[ 4335.449536] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, read->openat->exit->clone->write->read->write trace
[ 4335.449544] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->write->read->write->write trace
[ 4335.449551] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->write->read->write->write->read trace
[ 4335.451818] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, clone->write->read->write->write->read->read trace
[ 4335.452618] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->write->write->read->read->openat->exit trace
[ 4335.454724] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->read->read->openat->exit->clone trace
[ 4335.454820] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->read->read->openat->exit->clone->read trace
[ 4335.454861] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4335.465417] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4335.466054] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->openat->exit->clone->mprotect->mprotect->exit trace
[ 4335.468959] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->exit->clone->mprotect->mprotect->exit->read trace
[ 4335.468998] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, exit->clone->mprotect->mprotect->exit->read->openat trace
[ 4335.471128] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, clone->mprotect->mprotect->exit->read->openat->clone trace
[ 4335.471179] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mprotect->mprotect->exit->read->openat->clone->read trace
[ 4335.471203] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mprotect->exit->read->openat->clone->read->openat trace
[ 4341.461724] Execve: /usr/bin/sudo, ./target
[ 4341.467228] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->fstat->mmap->mprotect->mmap->close->fstat trace
[ 4341.467303] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, fstat->mmap->mprotect->mmap->close->fstat->read trace
[ 4341.467322] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mmap->mprotect->mmap->close->fstat->read->openat trace
[ 4341.467359] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, mprotect->mmap->close->fstat->read->openat->clone trace
[ 4341.467424] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mmap->close->fstat->read->openat->clone->read trace
[ 4341.467435] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, close->fstat->read->openat->clone->read->openat trace
[ 4341.467464] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 4341.472355] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->openat->exit->clone->openat->read->fstat trace
[ 4341.472371] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, openat->exit->clone->openat->read->fstat->mmap trace
[ 4341.473294] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->openat->read->fstat->mmap->read trace
[ 4341.473337] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, clone->openat->read->fstat->mmap->read->openat trace
[ 4341.474518] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, close->openat->fstat->mmap->munmap->close->exit trace
[ 4341.474597] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, openat->fstat->mmap->munmap->close->exit->clone trace
[ 4341.474632] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, fstat->mmap->munmap->close->exit->clone->read trace
[ 4341.474651] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mmap->munmap->close->exit->clone->read->openat trace
[ 4341.474695] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, munmap->close->exit->clone->read->openat->exit trace
[ 4341.474718] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, close->exit->clone->read->openat->exit->clone trace
[ 4341.478984] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, write->mprotect->mprotect->mprotect->mprotect->read->exit trace
[ 4341.479357] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, mprotect->mprotect->mprotect->mprotect->read->exit->clone trace
[ 4341.479528] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mprotect->mprotect->mprotect->read->exit->clone->read trace
[ 4341.479620] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mprotect->mprotect->read->exit->clone->read->openat trace
[ 4341.479986] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, mprotect->read->exit->clone->read->openat->exit trace
[ 4341.484777] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4341.484789] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, read->openat->exit->clone->openat->fstat->mmap trace
[ 4341.484815] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: munmap syscall, openat->exit->clone->openat->fstat->mmap->munmap trace
[ 4341.485464] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, exit->clone->openat->fstat->mmap->munmap->close trace
[ 4341.485538] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, clone->openat->fstat->mmap->munmap->close->openat trace
[ 4341.491592] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, read->fstat->mmap->mprotect->mmap->exit->close trace
[ 4341.491717] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, fstat->mmap->mprotect->mmap->exit->close->mprotect trace
[ 4341.491816] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mmap->mprotect->mmap->exit->close->mprotect->openat trace
[ 4341.491898] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, mprotect->mmap->exit->close->mprotect->openat->fstat trace
[ 4341.491908] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mmap->exit->close->mprotect->openat->fstat->read trace
[ 4341.491991] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, exit->close->mprotect->openat->fstat->read->openat trace
[ 4341.492241] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->read->fstat->mmap->mprotect->clone trace
[ 4341.492282] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->read->fstat->mmap->mprotect->clone->read trace
[ 4341.492301] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->fstat->mmap->mprotect->clone->read->openat trace
[ 4341.492341] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, fstat->mmap->mprotect->clone->read->openat->exit trace
[ 4341.495624] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, exit->clone->read->openat->exit->clone->mmap trace
[ 4341.496054] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, clone->read->openat->exit->clone->mmap->mmap trace
[ 4341.496081] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, read->openat->exit->clone->mmap->mmap->close trace
[ 4341.496110] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, openat->exit->clone->mmap->mmap->close->openat trace
[ 4341.496125] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, exit->clone->mmap->mmap->close->openat->fstat trace
[ 4341.496132] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, clone->mmap->mmap->close->openat->fstat->mmap trace
[ 4341.499646] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, mprotect->mmap->mmap->close->mprotect->mprotect->exit trace
[ 4341.499740] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, mmap->mmap->close->mprotect->mprotect->exit->clone trace
[ 4341.518168] Execve: ./target, fDlhaTpGvo1QiiHKBWXV
[ 4343.464529] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: wait4 syscall, read->mprotect->mprotect->write->read->read->wait4 trace
[ 4343.467059] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, munmap->exit_group->wait4->write->write->read->write trace
[ 4343.467265] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, exit_group->wait4->write->write->read->write->write trace
[ 4343.467274] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, wait4->write->write->read->write->write->read trace
[ 4343.475041] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, read->openat->exit->clone->read->read->write trace
[ 4343.475055] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, openat->exit->clone->read->read->write->read trace
[ 4343.475069] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, exit->clone->read->read->write->read->write trace
[ 4343.475078] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->read->read->write->read->write->read trace
[ 4343.476433] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, write->read->write->read->read->openat->exit trace
[ 4343.476523] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, read->write->read->read->openat->exit->clone trace
[ 4343.476562] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, write->read->read->openat->exit->clone->read trace
[ 4343.476582] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, read->read->openat->exit->clone->read->openat trace
[ 4343.490472] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->read->openat->exit->clone->exit->mprotect trace
[ 4343.490511] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, read->openat->exit->clone->exit->mprotect->mprotect trace
[ 4343.490816] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, openat->exit->clone->exit->mprotect->mprotect->mprotect trace
[ 4343.490856] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->clone->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4343.490912] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->exit->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.490933] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.505071] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->mprotect->mprotect->mprotect->exit->mprotect trace
[ 4343.505148] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->mprotect->mprotect->exit->mprotect->mprotect trace
[ 4343.506286] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->mprotect->exit->mprotect->mprotect->mprotect trace
[ 4343.506323] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4343.506425] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->exit->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.506455] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.518021] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->read->openat->exit->clone->exit->mprotect trace
[ 4343.518061] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, read->openat->exit->clone->exit->mprotect->mprotect trace
[ 4343.518539] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, openat->exit->clone->exit->mprotect->mprotect->mprotect trace
[ 4343.518571] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->clone->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4343.519112] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->exit->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.519134] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4343.522527] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, mprotect->read->openat->mmap->mprotect->mprotect->clone trace
[ 4343.522573] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, read->openat->mmap->mprotect->mprotect->clone->read trace
[ 4343.522597] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, openat->mmap->mprotect->mprotect->clone->read->openat trace
[ 4343.522640] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, mmap->mprotect->mprotect->clone->read->openat->exit trace
[ 4343.537410] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->read->openat->exit->clone->exit->mprotect trace
[ 4343.537452] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, read->openat->exit->clone->exit->mprotect->mprotect trace
[ 4343.537584] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, openat->exit->clone->exit->mprotect->mprotect->mprotect trace
[ 4343.537622] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, exit->clone->exit->mprotect->mprotect->mprotect->mprotect trace
[ 4343.539648] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, clone->exit->mprotect->mprotect->mprotect->mprotect->write trace
[ 4343.539878] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->mprotect->mprotect->mprotect->mprotect->write->read trace
[ 4343.549247] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, clone->read->openat->exit->clone->write->exit trace
[ 4343.551040] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, read->openat->exit->clone->write->exit->read trace
[ 4343.551218] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, openat->exit->clone->write->exit->read->write trace
[ 4343.551409] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->clone->write->exit->read->write->read trace
[ 4343.552417] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->write->exit->read->write->read->read trace
[ 4343.555244] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4343.563577] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, clone->read->openat->exit->clone->exit->mprotect trace
[ 4343.563631] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, read->openat->exit->clone->exit->mprotect->mprotect trace
[ 4343.563863] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, openat->exit->clone->exit->mprotect->mprotect->read trace
[ 4343.563916] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, exit->clone->exit->mprotect->mprotect->read->openat trace
[ 4343.565644] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, clone->exit->mprotect->mprotect->read->openat->clone trace
[ 4343.565686] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->mprotect->mprotect->read->openat->clone->read trace
[ 4343.566122] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, read->openat->exit->clone->write->read->write trace
[ 4343.566128] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, openat->exit->clone->write->read->write->write trace
[ 4350.810464] Execve: /usr/bin/sudo, ./target
[ 4350.820698] Execve: ./target, EfoCLpTFE8D0s96V7fgs
[ 4352.776708] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: wait4 syscall, munmap->munmap->munmap->exit_group->read->write->wait4 trace
[ 4352.777173] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, munmap->munmap->exit_group->read->write->wait4->write trace
[ 4352.777286] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, munmap->exit_group->read->write->wait4->write->write trace
[ 4352.777405] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, exit_group->read->write->wait4->write->write->write trace
[ 4352.777458] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, read->write->wait4->write->write->write->write trace
[ 4352.777711] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, write->wait4->write->write->write->write->write trace
[ 4352.777808] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, wait4->write->write->write->write->write->write trace
[ 4352.793356] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, read->exit->write->read->write->read->mprotect trace
[ 4352.793496] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, exit->write->read->write->read->mprotect->mprotect trace
[ 4352.806706] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4352.807019] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->openat->exit->clone->mprotect->mprotect->read trace
[ 4352.807052] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, openat->exit->clone->mprotect->mprotect->read->openat trace
[ 4352.808101] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, exit->clone->mprotect->mprotect->read->openat->exit trace
[ 4352.808977] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->mprotect->mprotect->read->openat->exit->read trace
[ 4352.809942] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, mprotect->mprotect->read->openat->exit->read->clone trace
[ 4352.809985] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, mprotect->read->openat->exit->read->clone->read trace
[ 4352.810005] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, read->openat->exit->read->clone->read->openat trace
[ 4352.810048] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, openat->exit->read->clone->read->openat->exit trace
[ 4352.810073] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, exit->read->clone->read->openat->exit->clone trace
[ 4352.829168] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mmap syscall, write->write->write->read->read->exit->mmap trace
[ 4352.829201] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, write->write->read->read->exit->mmap->mprotect trace
[ 4352.829247] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, write->read->read->exit->mmap->mprotect->mprotect trace
[ 4352.829304] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, read->read->exit->mmap->mprotect->mprotect->mprotect trace
[ 4352.829315] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, read->exit->mmap->mprotect->mprotect->mprotect->mprotect trace
[ 4352.829630] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, exit->mmap->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 4359.099605] Execve: /usr/bin/sudo, ./target
[ 4359.106466] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, read->fstat->mmap->mprotect->mmap->close->fstat trace
[ 4359.106541] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, fstat->mmap->mprotect->mmap->close->fstat->read trace
[ 4359.106560] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, mmap->mprotect->mmap->close->fstat->read->openat trace
[ 4359.106600] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, mprotect->mmap->close->fstat->read->openat->clone trace
[ 4359.106631] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, mmap->close->fstat->read->openat->clone->read trace
[ 4359.106641] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, close->fstat->read->openat->clone->read->openat trace
[ 4359.106671] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 4359.110871] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, clone->read->openat->exit->clone->mprotect->mprotect trace
[ 4359.110894] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, read->openat->exit->clone->mprotect->mprotect->munmap trace
[ 4359.110938] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->clone->mprotect->mprotect->munmap->read trace
[ 4359.110954] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, exit->clone->mprotect->mprotect->munmap->read->close trace
[ 4359.110977] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, clone->mprotect->mprotect->munmap->read->close->openat trace
[ 4359.115253] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, fstat->read->read->close->openat->read->exit trace
[ 4359.115351] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, read->read->close->openat->read->exit->clone trace
[ 4359.115395] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->close->openat->read->exit->clone->read trace
[ 4359.115417] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, close->openat->read->exit->clone->read->openat trace
[ 4359.115469] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, openat->read->exit->clone->read->openat->exit trace
[ 4359.123475] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, mprotect->mprotect->mprotect->read->exit->clone->fstat trace
[ 4359.123486] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, mprotect->mprotect->read->exit->clone->fstat->read trace
[ 4359.123529] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, mprotect->read->exit->clone->fstat->read->openat trace
[ 4359.123537] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->exit->clone->fstat->read->openat->read trace
[ 4359.123544] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, exit->clone->fstat->read->openat->read->fstat trace
[ 4359.123560] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mmap syscall, clone->fstat->read->openat->read->fstat->mmap trace
[ 4359.126407] Execve: ./target, ANBMGkdd2EowBh3Sxc3K
[ 4359.126602] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, brk->close->close->execve->read->close->read trace
[ 4359.126623] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, close->close->execve->read->close->read->openat trace
[ 4359.127926] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, close->execve->read->close->read->openat->mmap trace
[ 4359.127995] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, execve->read->close->read->openat->mmap->mmap trace
[ 4359.130172] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, fstat->read->brk->brk->read->read->exit trace
[ 4359.130303] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->brk->brk->read->read->exit->clone trace
[ 4359.130359] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, brk->brk->read->read->exit->clone->read trace
[ 4359.130381] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, brk->read->read->exit->clone->read->openat trace
[ 4359.133563] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, clone->read->openat->exit->read->openat->clone trace
[ 4359.134134] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4359.134140] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 4359.134148] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 4359.134166] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, exit->clone->openat->fstat->read->close->openat trace
[ 4359.134175] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, clone->openat->fstat->read->close->openat->fstat trace
[ 4359.134563] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstatat syscall, read->write->write->read->openat->fstat->fstatat trace
[ 4359.134572] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstatat syscall, write->write->read->openat->fstat->fstatat->fstatat trace
[ 4359.134579] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstatat syscall, write->read->openat->fstat->fstatat->fstatat->fstatat trace
[ 4359.134585] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstatat syscall, read->openat->fstat->fstatat->fstatat->fstatat->fstatat trace
[ 4359.136280] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, fstatat->fstatat->fstatat->fstatat->close->openat->exit trace
[ 4359.136405] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, fstatat->fstatat->fstatat->close->openat->exit->read trace
[ 4359.136427] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, fstatat->fstatat->close->openat->exit->read->openat trace
[ 4359.136467] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, fstatat->close->openat->exit->read->openat->clone trace
[ 4359.138499] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->read->read->write->read->exit->clone trace
[ 4359.138953] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4359.138958] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 4359.138966] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 4359.138982] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, exit->clone->openat->fstat->read->close->openat trace
[ 4359.138990] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, clone->openat->fstat->read->close->openat->fstat trace
[ 4368.106244] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, mmap->mprotect->mmap->mprotect->mprotect->mmap->openat trace
[ 4368.106294] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, mprotect->mmap->mprotect->mprotect->mmap->openat->read trace
[ 4368.106318] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, mmap->mprotect->mprotect->mmap->openat->read->read trace
[ 4368.106334] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, mprotect->mprotect->mmap->openat->read->read->read trace
[ 4368.106352] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, mprotect->mmap->openat->read->read->read->read trace
[ 4368.106544] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, mmap->openat->read->read->read->read->openat trace
[ 4368.107509] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, openat->close->close->read->openat->fstat->clone trace
[ 4368.107563] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, close->close->read->openat->fstat->clone->read trace
[ 4368.107583] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, close->read->openat->fstat->clone->read->openat trace
[ 4368.107628] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, read->openat->fstat->clone->read->openat->exit trace
[ 4368.107661] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, openat->fstat->clone->read->openat->exit->clone trace
[ 4368.107683] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, fstat->clone->read->openat->exit->clone->read trace
[ 4368.119559] Execve: /usr/bin/sudo, ./target
[ 4368.125678] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, write->read->read->read->openat->write->exit trace
[ 4368.125770] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->read->read->openat->write->exit->read trace
[ 4368.125791] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, read->read->openat->write->exit->read->openat trace
[ 4368.125831] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->write->exit->read->openat->clone trace
[ 4368.125875] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->write->exit->read->openat->clone->read trace
[ 4368.142346] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, read->mmap->mprotect->mprotect->mprotect->mprotect->close trace
[ 4368.142394] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, mmap->mprotect->mprotect->mprotect->mprotect->close->close trace
[ 4368.142426] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, mprotect->mprotect->mprotect->mprotect->close->close->fstat trace
[ 4368.142509] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, mprotect->mprotect->mprotect->close->close->fstat->openat trace
[ 4368.142520] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, mprotect->mprotect->close->close->fstat->openat->fstat trace
[ 4368.142526] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, mprotect->close->close->fstat->openat->fstat->mmap trace
[ 4368.143487] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, close->openat->openat->write->read->openat->clone trace
[ 4368.146984] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 4368.147031] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, clone->read->openat->exit->clone->close->clone trace
[ 4368.147235] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, read->openat->exit->clone->close->clone->close trace
[ 4368.147493] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->close->clone->close->read trace
[ 4368.147521] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, exit->clone->close->clone->close->read->openat trace
[ 4368.151139] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, clone->close->clone->close->read->openat->exit trace
[ 4368.151233] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, close->clone->close->read->openat->exit->clone trace
[ 4368.151285] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->close->read->openat->exit->clone->read trace
[ 4368.153420] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 4368.153500] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, clone->read->openat->exit->clone->close->close trace
[ 4368.153523] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, read->openat->exit->clone->close->close->close trace
[ 4368.153529] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, openat->exit->clone->close->close->close->close trace
[ 4368.153535] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, exit->clone->close->close->close->close->openat trace
[ 4368.153567] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, clone->close->close->close->close->openat->fstat trace
[ 4368.153643] Execve: ./target, iOjcP1MQc6LNmZiwE0z2
[ 4368.158686] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, brk->close->close->execve->read->openat->exit trace
[ 4368.158777] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, close->close->execve->read->openat->exit->clone trace
[ 4368.158815] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->execve->read->openat->exit->clone->read trace
[ 4368.158834] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, execve->read->openat->exit->clone->read->openat trace
[ 4368.159291] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, clone->read->openat->exit->read->openat->clone trace
[ 4368.163850] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, read->openat->exit->clone->read->close->mmap trace
[ 4368.164092] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, openat->exit->clone->read->close->mmap->mmap trace
[ 4368.164755] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, exit->clone->read->close->mmap->mmap->mmap trace
[ 4368.164906] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, clone->read->close->mmap->mmap->mmap->mprotect trace
[ 4368.168051] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, mmap->mprotect->mprotect->mprotect->mprotect->mprotect->exit trace
[ 4368.169014] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, mprotect->mprotect->mprotect->mprotect->mprotect->exit->mprotect trace
[ 4368.169113] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, mprotect->mprotect->mprotect->mprotect->exit->mprotect->munmap trace
[ 4368.169352] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, mprotect->mprotect->mprotect->exit->mprotect->munmap->openat trace
[ 4368.169560] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, mprotect->mprotect->exit->mprotect->munmap->openat->clone trace
[ 4368.169602] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, mprotect->exit->mprotect->munmap->openat->clone->read trace
[ 4368.169626] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, exit->mprotect->munmap->openat->clone->read->openat trace
[ 4368.169667] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, mprotect->munmap->openat->clone->read->openat->exit trace
[ 4368.169695] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, munmap->openat->clone->read->openat->exit->clone trace
[ 4368.174217] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, exit->clone->read->openat->exit->clone->fstat trace
[ 4368.174475] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, clone->read->openat->exit->clone->fstat->brk trace
[ 4368.175016] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, read->openat->exit->clone->fstat->brk->brk trace
[ 4368.175061] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, openat->exit->clone->fstat->brk->brk->close trace
[ 4368.175078] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, exit->clone->fstat->brk->brk->close->openat trace
[ 4368.175101] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, clone->fstat->brk->brk->close->openat->fstat trace
[ 4368.176227] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, openat->fstat->read->brk->read->openat->exit trace
[ 4368.176311] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, fstat->read->brk->read->openat->exit->clone trace
[ 4368.176349] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->brk->read->openat->exit->clone->read trace
[ 4368.176367] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, brk->read->openat->exit->clone->read->openat trace
[ 4368.182418] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, read->openat->exit->clone->write->read->brk trace
[ 4368.182445] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->exit->clone->write->read->brk->read trace
[ 4368.182453] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->write->read->brk->read->read trace
[ 4368.182786] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->write->read->brk->read->read->read trace
[ 4368.182791] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->read->brk->read->read->read->read trace
[ 4368.186922] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, write->read->read->write->read->exit->clone trace
[ 4370.023030] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: wait4 syscall, read->write->read->write->read->read->wait4 trace
[ 4370.023353] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->read->wait4->close->close->read->openat trace
[ 4370.025907] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->wait4->close->close->read->openat->openat trace
[ 4370.025939] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, wait4->close->close->read->openat->openat->fstat trace
[ 4370.028114] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, fstat->read->read->read->close->close->clone trace
[ 4370.028277] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, read->close->close->clone->read->openat->exit trace
[ 4370.028308] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, close->close->clone->read->openat->exit->clone trace
[ 4370.028671] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 4370.028677] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 4370.028686] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 4370.028705] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, exit->clone->openat->fstat->read->close->openat trace
[ 4370.028713] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, clone->openat->fstat->read->close->openat->fstat trace
[ 4370.029197] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, write->read->write->write->read->exit->close trace
[ 4370.029242] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, read->write->write->read->exit->close->munmap trace
[ 4370.029271] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, write->write->read->exit->close->munmap->munmap trace
[ 4370.029289] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, write->read->exit->close->munmap->munmap->munmap trace
[ 4370.029313] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, read->exit->close->munmap->munmap->munmap->munmap trace
[ 4370.029337] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, exit->close->munmap->munmap->munmap->munmap->munmap trace
[ 4370.030719] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 4370.030810] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, munmap->munmap->munmap->exit_group->read->openat->clone trace
[ 4370.030859] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, munmap->munmap->exit_group->read->openat->clone->read trace
[ 4370.030874] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, munmap->exit_group->read->openat->clone->read->openat trace
[ 4370.030914] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, exit_group->read->openat->clone->read->openat->exit trace
[ 4370.034578] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: wait4 syscall, exit->clone->read->openat->exit->clone->wait4 trace
[ 4370.035002] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, clone->read->openat->exit->clone->wait4->write trace
[ 4370.035064] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, read->openat->exit->clone->wait4->write->write trace
[ 4370.035080] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->exit->clone->wait4->write->write->read trace
[ 4370.035087] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->wait4->write->write->read->read trace
[ 4370.035093] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, clone->wait4->write->write->read->read->write trace
[ 4370.045427] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, write->write->write->read->read->exit->clone trace
[ 4376.484481] Execve: /usr/bin/sudo, ./target
[ 4376.493899] Execve: ./target, H2mvQoIOuxb3syz45GA7
[ 4385.692321] Execve: /usr/bin/sudo, ./target
[ 4385.702792] Execve: ./target, IBRNHiQTAMYfud7RonH9
[ 4387.544997] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, munmap->exit_group->wait4->write->write->read->write trace
[ 4387.545030] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, exit_group->wait4->write->write->read->write->write trace
[ 4387.545037] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: write syscall, wait4->write->write->read->write->write->write trace
[ 4387.547636] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, exit->write->read->read->write->read->clone trace
[ 4387.547762] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 4389.901215] Execve: /usr/bin/sudo, rmmod
[ 4389.912398] Execve: /sbin/rmmod, hooks
[ 4389.912703] [+] Anomaly found: hooks: brk syscall, brk->close->close->execve->read->close->brk trace
[ 4389.912841] [+] Anomaly found: hooks: read syscall, close->close->execve->read->close->brk->read trace
[ 4389.912997] [+] Anomaly found: hooks: openat syscall, close->execve->read->close->brk->read->openat trace
[ 4389.913087] [+] Anomaly found: hooks: read syscall, execve->read->close->brk->read->openat->read trace
[ 4389.913109] [+] Anomaly found: hooks: openat syscall, read->close->brk->read->openat->read->openat trace
[ 4389.913156] [+] Anomaly found: hooks: clone syscall, close->brk->read->openat->read->openat->clone trace
[ 4389.913215] [+] Anomaly found: hooks: read syscall, brk->read->openat->read->openat->clone->read trace
[ 4389.925949] [+] Anomaly found: hooks: brk syscall, mprotect->mprotect->mprotect->munmap->read->write->brk trace
[ 4389.925958] [+] Anomaly found: hooks: brk syscall, mprotect->mprotect->munmap->read->write->brk->brk trace
[ 4389.926088] [+] Anomaly found: hooks: openat syscall, mprotect->munmap->read->write->brk->brk->openat trace
[ 4389.926109] [+] Anomaly found: hooks: fstat syscall, munmap->read->write->brk->brk->openat->fstat trace
[ 4389.926116] [+] Anomaly found: hooks: read syscall, read->write->brk->brk->openat->fstat->read trace
[ 4389.926215] [+] Anomaly found: hooks: read syscall, write->brk->brk->openat->fstat->read->read trace
[ 4389.927319] [+] Anomaly found: hooks: fstat syscall, write->write->write->write->read->exit->fstat trace
[ 4389.927340] [+] Anomaly found: hooks: close syscall, write->write->write->read->exit->fstat->close trace
[ 4389.927348] [+] Anomaly found: hooks: openat syscall, write->write->read->exit->fstat->close->openat trace
[ 4389.927357] [+] Anomaly found: hooks: read syscall, write->read->exit->fstat->close->openat->read trace
[ 4389.927364] [+] Anomaly found: hooks: read syscall, read->exit->fstat->close->openat->read->read trace
[ 4389.927369] [+] Anomaly found: hooks: close syscall, exit->fstat->close->openat->read->read->close trace
[ 4389.929309] [+] onunload: sys_call_table unhooked
[ 4389.929346] DB nodes freed: 896
[ 4389.929347] Syscalls counts: 2078546, Syscalls misses: 2539
[ 4389.929348] Trace nodes freed: 7
[ 4389.929348] Unloading complete!
Raw
700-3.log
[ 210.125092] Anomaly Detection (Kernel Hook) - Alastair Paragas
[ 210.137553] Syscall table address: 000000002c5bd104
[ 210.137558] sizeof(unsigned long long *): 8
[ 210.137559] sizeof(sys_call_table) : 8
[ 221.108641] Execve: /usr/bin/sudo, ./target
[ 221.118966] Execve: ./target, rJgVdaRJqFc7fiCE7Q6M
[ 230.141860] Execve: /usr/bin/sudo, ./target
[ 230.150031] Execve: ./target, DR8wEkyRevYXlZMWvmvg
[ 238.675916] Execve: /usr/bin/sudo, ./target
[ 238.683813] Execve: ./target, ZeFeXLPHJNzfEwFBrhiW
[ 247.578504] Execve: /usr/bin/sudo, ./target
[ 247.587398] Execve: ./target, 7K2WZ67HF4ETsMIyeOiU
[ 256.316994] Execve: /usr/bin/sudo, ./target
[ 256.325702] Execve: ./target, vULPKZelg89oZAdN0epB
[ 258.731982] [+] Anomaly found: vULPKZelg89oZAdN0epB: wait4 syscall, read->read->read->read->write->read->wait4 trace
[ 258.733655] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, read->write->read->wait4->write->read->write trace
[ 258.733686] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, write->read->wait4->write->read->write->read trace
[ 258.735812] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, read->wait4->write->read->write->read->read trace
[ 258.735843] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, wait4->write->read->write->read->read->read trace
[ 258.738055] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, openat->read->close->write->read->openat->clone trace
[ 258.738221] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, read->close->write->read->openat->clone->read trace
[ 258.738248] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, close->write->read->openat->clone->read->openat trace
[ 258.738487] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, write->read->openat->clone->read->openat->exit trace
[ 258.738601] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 258.738633] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 258.739225] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, read->openat->exit->clone->read->openat->write trace
[ 258.739286] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, openat->exit->clone->read->openat->write->exit trace
[ 258.739481] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, exit->clone->read->openat->write->exit->read trace
[ 258.739489] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, clone->read->openat->write->exit->read->read trace
[ 258.739494] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, read->openat->write->exit->read->read->read trace
[ 258.739499] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, openat->write->exit->read->read->read->read trace
[ 258.739503] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, write->exit->read->read->read->read->read trace
[ 258.740372] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, read->read->openat->read->close->write->clone trace
[ 258.740419] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, read->openat->read->close->write->clone->read trace
[ 258.740451] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, openat->read->close->write->clone->read->openat trace
[ 258.740503] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, read->close->write->clone->read->openat->exit trace
[ 258.740544] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, close->write->clone->read->openat->exit->clone trace
[ 258.741176] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, read->openat->exit->clone->read->openat->write trace
[ 258.741212] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, openat->exit->clone->read->openat->write->exit trace
[ 258.741235] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, exit->clone->read->openat->write->exit->clone trace
[ 258.741252] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, clone->read->openat->write->exit->clone->read trace
[ 258.741262] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, read->openat->write->exit->clone->read->openat trace
[ 258.741301] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, openat->write->exit->clone->read->openat->exit trace
[ 258.741321] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, write->exit->clone->read->openat->exit->clone trace
[ 258.741818] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, read->openat->exit->clone->read->openat->write trace
[ 258.741857] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, openat->exit->clone->read->openat->write->write trace
[ 258.741864] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, exit->clone->read->openat->write->write->read trace
[ 266.176078] Execve: /usr/bin/sudo, ./target
[ 266.179332] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, mmap->close->mprotect->mprotect->munmap->read->write trace
[ 266.199795] Execve: ./target, q4fw1kn34W19Ne7qpfZI
[ 268.399979] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: brk syscall, write->openat->fstat->brk->brk->brk->brk trace
[ 268.402375] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->fstat->brk->brk->brk->brk->read trace
[ 268.402415] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, fstat->brk->brk->brk->brk->read->read trace
[ 268.403955] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, write->read->openat->clone->read->openat->exit trace
[ 268.404033] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 268.404101] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 268.404286] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, openat->write->read->write->write->read->exit trace
[ 268.439264] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: brk syscall, read->exit->write->write->write->write->brk trace
[ 268.439772] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: brk syscall, exit->write->write->write->write->brk->brk trace
[ 268.444828] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, write->read->openat->clone->read->openat->exit trace
[ 268.444873] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 268.445180] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 268.451941] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, read->openat->read->close->write->write->exit trace
[ 268.454159] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->read->close->write->write->exit->read trace
[ 268.454174] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->close->write->write->exit->read->read trace
[ 268.454181] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, close->write->write->exit->read->read->read trace
[ 268.454186] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, write->write->exit->read->read->read->read trace
[ 268.454193] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, write->exit->read->read->read->read->read trace
[ 268.458142] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, close->write->write->read->openat->write->clone trace
[ 268.458677] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 268.458707] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, exit->clone->read->openat->read->openat->read trace
[ 268.458725] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, clone->read->openat->read->openat->read->read trace
[ 268.458880] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, read->openat->read->close->write->write->exit trace
[ 268.458938] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, openat->read->close->write->write->exit->clone trace
[ 268.458978] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->close->write->write->exit->clone->read trace
[ 268.459003] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, close->write->write->exit->clone->read->openat trace
[ 268.459049] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, write->write->exit->clone->read->openat->exit trace
[ 268.459088] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, write->exit->clone->read->openat->exit->clone trace
[ 268.464154] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit_group syscall, read->write->write->write->write->close->exit_group trace
[ 268.466233] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 268.466254] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, munmap->munmap->munmap->exit_group->read->openat->read trace
[ 268.466265] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, munmap->munmap->exit_group->read->openat->read->read trace
[ 268.466273] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, munmap->exit_group->read->openat->read->read->read trace
[ 268.466280] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, exit_group->read->openat->read->read->read->openat trace
[ 268.471593] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: wait4 syscall, read->read->read->read->write->read->wait4 trace
[ 268.476450] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, read->close->write->write->write->read->exit trace
[ 268.476541] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, close->write->write->write->read->exit->clone trace
[ 268.477974] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, exit->clone->read->openat->exit->clone->openat trace
[ 268.477995] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, clone->read->openat->exit->clone->openat->openat trace
[ 268.478002] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, read->openat->exit->clone->openat->openat->openat trace
[ 268.478011] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, openat->exit->clone->openat->openat->openat->openat trace
[ 268.478017] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, exit->clone->openat->openat->openat->openat->openat trace
[ 268.478023] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, clone->openat->openat->openat->openat->openat->openat trace
[ 268.478232] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, openat->openat->openat->openat->write->openat->exit trace
[ 268.484618] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->openat->openat->write->openat->exit->read trace
[ 268.484630] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->openat->write->openat->exit->read->read trace
[ 268.484670] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, write->openat->exit->read->read->read->openat trace
[ 268.484691] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->exit->read->read->read->openat->read trace
[ 268.484702] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, exit->read->read->read->openat->read->read trace
[ 268.485914] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, openat->read->close->write->read->openat->clone trace
[ 268.485956] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->close->write->read->openat->clone->read trace
[ 268.485967] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, close->write->read->openat->clone->read->openat trace
[ 268.486063] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, write->read->openat->clone->read->openat->exit trace
[ 268.486099] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 268.486123] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 268.487275] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, exit->clone->read->openat->read->write->exit trace
[ 268.487305] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, clone->read->openat->read->write->exit->clone trace
[ 268.487325] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, read->openat->read->write->exit->clone->read trace
[ 268.487339] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, openat->read->write->exit->clone->read->openat trace
[ 268.487393] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, read->write->exit->clone->read->openat->openat trace
[ 268.487411] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, write->exit->clone->read->openat->openat->read trace
[ 268.487420] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, exit->clone->read->openat->openat->read->read trace
[ 268.487427] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, clone->read->openat->openat->read->read->read trace
[ 268.487760] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: exit syscall, read->read->openat->read->close->write->exit trace
[ 268.487787] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: clone syscall, read->openat->read->close->write->exit->clone trace
[ 268.487807] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, openat->read->close->write->exit->clone->read trace
[ 268.487819] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: openat syscall, read->close->write->exit->clone->read->openat trace
[ 283.346807] Execve: /usr/bin/sudo, ./target
[ 283.359590] [+] Anomaly found: q4fw1kn34W19Ne7qpfZI: read syscall, fstatat->fstatat->fstatat->close->openat->write->read trace
[ 283.360937] Execve: ./target, Z08SXrUu9lhMVRVWZ0Pn
[ 295.344983] Execve: /usr/bin/sudo, ./target
[ 295.355401] Execve: ./target, A6WoRXruEMEz89YBRK4v
[ 297.599547] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: brk syscall, write->close->exit_group->brk->brk->brk->brk trace
[ 297.600231] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, close->exit_group->brk->brk->brk->brk->read trace
[ 297.600276] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit_group->brk->brk->brk->brk->read->read trace
[ 297.601078] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 297.601106] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 297.625224] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, wait4->close->close->openat->fstat->read->exit trace
[ 297.625290] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, close->close->openat->fstat->read->exit->read trace
[ 297.625325] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, close->openat->fstat->read->exit->read->read trace
[ 297.625334] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: close syscall, openat->fstat->read->exit->read->read->close trace
[ 297.625437] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, fstat->read->exit->read->read->close->openat trace
[ 297.625462] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: fstat syscall, read->exit->read->read->close->openat->fstat trace
[ 297.625469] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->read->read->close->openat->fstat->read trace
[ 297.627760] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 297.628033] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, munmap->munmap->munmap->exit_group->read->openat->read trace
[ 297.628054] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, munmap->munmap->exit_group->read->openat->read->read trace
[ 297.628065] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, munmap->exit_group->read->openat->read->read->read trace
[ 297.628073] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, exit_group->read->openat->read->read->read->openat trace
[ 297.629144] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, openat->read->close->write->read->openat->clone trace
[ 297.629256] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->close->write->read->openat->clone->read trace
[ 297.629297] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, close->write->read->openat->clone->read->openat trace
[ 297.630818] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 297.631160] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 297.632986] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->close->write->write->read->openat->exit trace
[ 297.633082] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, close->write->write->read->openat->exit->clone trace
[ 297.635919] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 297.635952] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 297.635967] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->read->openat->read->read trace
[ 297.636163] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->openat->read->close->write->write->exit trace
[ 297.636236] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, openat->read->close->write->write->exit->clone trace
[ 297.636278] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->close->write->write->exit->clone->read trace
[ 297.636301] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, close->write->write->exit->clone->read->openat trace
[ 297.636634] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: wait4 syscall, read->openat->exit->clone->read->openat->wait4 trace
[ 297.637040] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, openat->exit->clone->read->openat->wait4->write trace
[ 297.637073] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, exit->clone->read->openat->wait4->write->exit trace
[ 297.637103] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, clone->read->openat->wait4->write->exit->clone trace
[ 297.637124] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->openat->wait4->write->exit->clone->read trace
[ 297.637136] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->wait4->write->exit->clone->read->openat trace
[ 297.637164] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, wait4->write->exit->clone->read->openat->exit trace
[ 297.639669] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 297.639695] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 297.639707] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->read->openat->read->read trace
[ 297.644067] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->openat->read->close->write->write->exit trace
[ 297.644147] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, openat->read->close->write->write->exit->clone trace
[ 297.644195] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->close->write->write->exit->clone->read trace
[ 297.644218] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, close->write->write->exit->clone->read->openat trace
[ 297.647945] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 297.647971] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 297.647983] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->read->openat->read->read trace
[ 297.648226] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->openat->read->close->write->write->exit trace
[ 297.648290] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, openat->read->close->write->write->exit->clone trace
[ 297.648330] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->close->write->write->exit->clone->read trace
[ 297.648351] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, close->write->write->exit->clone->read->openat trace
[ 297.653170] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 297.653357] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 297.653378] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->read->openat->read->read trace
[ 297.663630] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->openat->read->close->write->write->exit trace
[ 297.663697] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, openat->read->close->write->write->exit->clone trace
[ 297.663734] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->close->write->write->exit->clone->read trace
[ 297.663756] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, close->write->write->exit->clone->read->openat trace
[ 299.954407] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: rename syscall, read->read->write->openat->write->close->rename trace
[ 299.955648] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: write syscall, read->write->openat->write->close->rename->write trace
[ 299.955687] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, write->openat->write->close->rename->write->read trace
[ 299.955785] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->write->close->rename->write->read->read trace
[ 299.962089] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, write->read->write->write->read->read->clone trace
[ 299.962163] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->write->write->read->read->clone->read trace
[ 299.962197] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, write->write->read->read->clone->read->openat trace
[ 299.962610] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, write->read->read->clone->read->openat->exit trace
[ 299.962723] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, read->read->clone->read->openat->exit->clone trace
[ 299.962788] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->clone->read->openat->exit->clone->read trace
[ 299.963261] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 299.963303] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 299.963326] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->read->openat->read->read trace
[ 299.965254] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, read->openat->read->close->write->exit->clone trace
[ 299.965415] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->read->close->write->exit->clone->read trace
[ 299.968056] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->close->write->read->openat->write->exit trace
[ 299.968117] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, close->write->read->openat->write->exit->clone trace
[ 299.970971] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: exit syscall, read->close->write->write->read->openat->exit trace
[ 299.971022] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, close->write->write->read->openat->exit->clone trace
[ 299.974694] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, exit->clone->read->openat->exit->read->openat trace
[ 299.974788] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, clone->read->openat->exit->read->openat->read trace
[ 299.974862] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, read->openat->exit->read->openat->read->read trace
[ 299.974874] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->exit->read->openat->read->read->read trace
[ 299.974884] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, exit->read->openat->read->read->read->openat trace
[ 299.976022] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: clone syscall, read->openat->read->close->write->write->clone trace
[ 299.976085] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, openat->read->close->write->write->clone->read trace
[ 299.978464] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 299.978491] [+] Anomaly found: A6WoRXruEMEz89YBRK4v: read syscall, exit->clone->read->openat->read->openat->read trace
[ 304.626928] Execve: /usr/bin/sudo, ./target
[ 304.637822] Execve: ./target, GSHGSSQCtwnukMSFSMUo
[ 305.964108] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, read->write->read->write->write->clone->openat trace
[ 305.964123] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstat syscall, write->read->write->write->clone->openat->fstat trace
[ 305.964131] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->write->write->clone->openat->fstat->read trace
[ 305.964196] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->write->clone->openat->fstat->read->read trace
[ 305.964202] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, write->clone->openat->fstat->read->read->close trace
[ 305.964396] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, clone->openat->fstat->read->read->close->write trace
[ 305.968081] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 305.968106] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 305.988518] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, read->close->write->write->read->openat->exit trace
[ 305.988584] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, close->write->write->read->openat->exit->clone trace
[ 306.031658] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, write->close->mprotect->close->close->close->exit trace
[ 306.035031] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, close->mprotect->close->close->close->exit->brk trace
[ 306.035493] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, mprotect->close->close->close->exit->brk->brk trace
[ 306.035875] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, close->close->close->exit->brk->brk->read trace
[ 306.035894] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, close->close->exit->brk->brk->read->read trace
[ 306.035905] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, close->exit->brk->brk->read->read->read trace
[ 306.035914] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->brk->brk->read->read->read->read trace
[ 306.067874] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->openat->exit->clone->read->read trace
[ 306.067975] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->openat->exit->clone->read->read->read trace
[ 306.067985] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->exit->clone->read->read->read->read trace
[ 306.067989] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->clone->read->read->read->read->read trace
[ 306.067993] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->read->read->read->read->read trace
[ 306.076384] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->openat->exit->clone->read->read trace
[ 306.076398] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->openat->exit->clone->read->read->read trace
[ 306.076691] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, openat->exit->clone->read->read->read->write trace
[ 306.079450] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->clone->read->read->read->write->read trace
[ 306.079464] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->read->read->write->read->read trace
[ 306.080267] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, read->close->write->write->read->openat->exit trace
[ 306.080349] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, close->write->write->read->openat->exit->clone trace
[ 306.083242] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->openat->exit->clone->read->read trace
[ 306.083252] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->openat->exit->clone->read->read->read trace
[ 306.083260] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->exit->clone->read->read->read->read trace
[ 306.083398] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->clone->read->read->read->read->read trace
[ 306.083406] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->read->read->read->read->read trace
[ 306.092376] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->openat->exit->clone->read->read trace
[ 306.092390] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->openat->exit->clone->read->read->read trace
[ 306.093527] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, openat->exit->clone->read->read->read->write trace
[ 306.095497] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->clone->read->read->read->write->read trace
[ 306.095509] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, clone->read->read->read->write->read->read trace
[ 306.099203] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, write->write->write->write->read->read->clone trace
[ 306.099243] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->write->write->read->read->clone->read trace
[ 306.099262] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, write->write->read->read->clone->read->openat trace
[ 306.099305] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, write->read->read->clone->read->openat->exit trace
[ 306.099329] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, read->read->clone->read->openat->exit->clone trace
[ 306.099346] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->clone->read->openat->exit->clone->read trace
[ 306.099681] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 306.099699] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, exit->clone->read->openat->read->openat->read trace
[ 306.964856] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstat syscall, write->write->write->write->write->write->fstat trace
[ 306.964871] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, write->write->write->write->write->fstat->write trace
[ 306.964892] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->write->write->write->fstat->write->read trace
[ 306.964923] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, write->write->write->fstat->write->read->write trace
[ 306.964942] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, write->write->fstat->write->read->write->write trace
[ 306.964950] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, write->fstat->write->read->write->write->write trace
[ 306.975104] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, write->write->write->brk->read->openat->exit trace
[ 306.975158] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, write->write->brk->read->openat->exit->clone trace
[ 306.975178] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->brk->read->openat->exit->clone->read trace
[ 306.975188] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, brk->read->openat->exit->clone->read->openat trace
[ 306.975428] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, read->openat->read->read->read->exit->clone trace
[ 306.975454] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->read->read->read->exit->clone->read trace
[ 306.983159] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, read->openat->read->close->write->write->brk trace
[ 306.983256] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->read->close->write->write->brk->read trace
[ 307.094559] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, read->read->brk->brk->read->write->close trace
[ 307.094888] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->brk->brk->read->write->close->read trace
[ 307.094948] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, brk->brk->read->write->close->read->read trace
[ 307.094958] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, brk->read->write->close->read->read->read trace
[ 307.100018] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 307.100066] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 309.296148] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: mprotect syscall, read->read->close->rename->read->mprotect->mprotect trace
[ 309.297762] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->close->rename->read->mprotect->mprotect->read trace
[ 309.297773] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, close->rename->read->mprotect->mprotect->read->read trace
[ 309.297779] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, rename->read->mprotect->mprotect->read->read->read trace
[ 309.298254] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 309.298273] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 311.581629] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstatat syscall, write->write->write->write->read->openat->fstatat trace
[ 311.581646] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, write->write->write->read->openat->fstatat->openat trace
[ 311.581657] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstat syscall, write->write->read->openat->fstatat->openat->fstat trace
[ 311.581665] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, write->read->openat->fstatat->openat->fstat->read trace
[ 311.581672] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, read->openat->fstatat->openat->fstat->read->read trace
[ 311.581678] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, openat->fstatat->openat->fstat->read->read->close trace
[ 311.581721] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, fstatat->openat->fstat->read->read->close->close trace
[ 311.581772] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstatat syscall, fstat->read->read->close->close->openat->fstatat trace
[ 311.581782] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, read->read->close->close->openat->fstatat->openat trace
[ 311.581790] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: fstat syscall, read->close->close->openat->fstatat->openat->fstat trace
[ 313.699927] Execve: /usr/bin/sudo, ./target
[ 313.709883] Execve: ./target, hPgukk0ZQaDx2J5mb0hO
[ 315.806935] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, munmap->openat->fstat->mmap->close->munmap->write trace
[ 315.806953] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, openat->fstat->mmap->close->munmap->write->write trace
[ 315.806963] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, fstat->mmap->close->munmap->write->write->write trace
[ 315.806974] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, mmap->close->munmap->write->write->write->write trace
[ 315.806985] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, close->munmap->write->write->write->write->write trace
[ 315.806993] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, munmap->write->write->write->write->write->write trace
[ 315.811626] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 315.811649] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 316.179989] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: wait4 syscall, write->write->write->write->read->read->wait4 trace
[ 316.183170] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, write->write->write->read->read->wait4->read trace
[ 316.186660] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, read->write->write->write->read->read->clone trace
[ 316.186738] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, write->write->write->read->read->clone->read trace
[ 316.186772] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, write->write->read->read->clone->read->openat trace
[ 316.186837] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, write->read->read->clone->read->openat->exit trace
[ 316.186881] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, read->read->clone->read->openat->exit->clone trace
[ 316.186910] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, read->clone->read->openat->exit->clone->read trace
[ 316.189519] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 316.190376] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, read->openat->exit->clone->close->close->read trace
[ 316.190387] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, openat->exit->clone->close->close->read->read trace
[ 316.190391] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, exit->clone->close->close->read->read->read trace
[ 316.193613] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: close syscall, openat->read->close->write->write->read->openat trace
[ 316.195235] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, exit->clone->read->openat->exit->clone->openat trace
[ 316.195254] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 316.195260] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 316.195269] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 316.195380] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, exit->clone->openat->fstat->read->close->openat trace
[ 316.195395] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: fstat syscall, clone->openat->fstat->read->close->openat->fstat trace
[ 316.195724] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, fstat->read->close->openat->openat->write->exit trace
[ 316.195809] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, read->close->openat->openat->write->exit->munmap trace
[ 316.195848] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, close->openat->openat->write->exit->munmap->munmap trace
[ 316.195868] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, openat->openat->write->exit->munmap->munmap->munmap trace
[ 316.195886] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, openat->write->exit->munmap->munmap->munmap->munmap trace
[ 316.195898] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, write->exit->munmap->munmap->munmap->munmap->munmap trace
[ 316.195914] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, exit->munmap->munmap->munmap->munmap->munmap->munmap trace
[ 316.200656] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 316.200684] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 322.272949] Execve: /usr/bin/sudo, ./target
[ 322.285125] Execve: ./target, dXjO1qNOb3I3OFvlJKy2
[ 326.214490] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: mmap syscall, write->write->read->read->close->rename->mmap trace
[ 326.214516] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: mprotect syscall, write->read->read->close->rename->mmap->mprotect trace
[ 326.214559] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: mprotect syscall, read->read->close->rename->mmap->mprotect->mprotect trace
[ 326.215127] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, read->close->rename->mmap->mprotect->mprotect->write trace
[ 326.215286] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, close->rename->mmap->mprotect->mprotect->write->read trace
[ 326.215305] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, rename->mmap->mprotect->mprotect->write->read->write trace
[ 326.219021] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 326.219041] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 330.162970] Execve: /usr/bin/sudo, ./target
[ 330.175331] Execve: ./target, 7dM3nU58rlXLP8VhY7PQ
[ 330.175471] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: write syscall, fstat->brk->close->close->execve->read->write trace
[ 330.175496] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: write syscall, brk->close->close->execve->read->write->write trace
[ 330.175530] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: read syscall, close->close->execve->read->write->write->read trace
[ 330.175552] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: openat syscall, close->execve->read->write->write->read->openat trace
[ 330.175597] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: read syscall, execve->read->write->write->read->openat->read trace
[ 330.175737] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 330.175763] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 330.192580] [+] Anomaly found: 7dM3nU58rlXLP8VhY7PQ: exit syscall, mprotect->mprotect->mprotect->mprotect->mprotect->munmap->exit trace
[ 330.192684] Execve: /bin/sh, yarr
[ 330.192692] [+] Anomaly found: yarr: execve syscall, mprotect->mprotect->mprotect->mprotect->munmap->exit->execve trace
[ 330.193303] [+] Anomaly found: yarr: brk syscall, mprotect->mprotect->mprotect->munmap->exit->execve->brk trace
[ 330.193352] [+] Anomaly found: yarr: openat syscall, mprotect->mprotect->munmap->exit->execve->brk->openat trace
[ 330.193363] [+] Anomaly found: yarr: fstat syscall, mprotect->munmap->exit->execve->brk->openat->fstat trace
[ 330.193369] [+] Anomaly found: yarr: mmap syscall, munmap->exit->execve->brk->openat->fstat->mmap trace
[ 330.193377] [+] Anomaly found: yarr: close syscall, exit->execve->brk->openat->fstat->mmap->close trace
[ 330.194232] [+] Anomaly found: yarr: exit_group syscall, write->write->read->read->write->read->exit_group trace
[ 330.194355] [+] Anomaly found: yarr: write syscall, write->read->read->write->read->exit_group->write trace
[ 330.194374] [+] Anomaly found: yarr: read syscall, read->read->write->read->exit_group->write->read trace
[ 330.194381] [+] Anomaly found: yarr: read syscall, read->write->read->exit_group->write->read->read trace
[ 330.194393] [+] Anomaly found: yarr: wait4 syscall, write->read->exit_group->write->read->read->wait4 trace
[ 330.194437] [+] Anomaly found: yarr: close syscall, read->exit_group->write->read->read->wait4->close trace
[ 330.198107] [+] Anomaly found: yarr: clone syscall, close->close->munmap->munmap->read->openat->clone trace
[ 330.198165] [+] Anomaly found: yarr: read syscall, close->munmap->munmap->read->openat->clone->read trace
[ 330.198187] [+] Anomaly found: yarr: openat syscall, munmap->munmap->read->openat->clone->read->openat trace
[ 330.198244] [+] Anomaly found: yarr: exit syscall, munmap->read->openat->clone->read->openat->exit trace
[ 330.198317] [+] Anomaly found: yarr: openat syscall, openat->clone->read->openat->exit->read->openat trace
[ 330.198362] [+] Anomaly found: yarr: clone syscall, clone->read->openat->exit->read->openat->clone trace
[ 330.198401] [+] Anomaly found: yarr: read syscall, read->openat->exit->read->openat->clone->read trace
[ 330.198417] [+] Anomaly found: yarr: openat syscall, openat->exit->read->openat->clone->read->openat trace
[ 330.198470] [+] Anomaly found: yarr: exit syscall, exit->read->openat->clone->read->openat->exit trace
[ 330.198510] [+] Anomaly found: yarr: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 330.198540] [+] Anomaly found: yarr: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 330.201153] [+] Anomaly found: yarr: munmap syscall, openat->read->close->write->read->openat->munmap trace
[ 330.201189] [+] Anomaly found: yarr: munmap syscall, read->close->write->read->openat->munmap->munmap trace
[ 330.201208] [+] Anomaly found: yarr: munmap syscall, close->write->read->openat->munmap->munmap->munmap trace
[ 330.201227] [+] Anomaly found: yarr: munmap syscall, write->read->openat->munmap->munmap->munmap->munmap trace
[ 330.201240] [+] Anomaly found: yarr: munmap syscall, read->openat->munmap->munmap->munmap->munmap->munmap trace
[ 330.201256] [+] Anomaly found: yarr: munmap syscall, openat->munmap->munmap->munmap->munmap->munmap->munmap trace
[ 330.201552] [+] Anomaly found: yarr: exit syscall, munmap->munmap->munmap->munmap->munmap->exit_group->exit trace
[ 330.201600] [+] Anomaly found: yarr: clone syscall, munmap->munmap->munmap->munmap->exit_group->exit->clone trace
[ 330.201625] [+] Anomaly found: yarr: read syscall, munmap->munmap->munmap->exit_group->exit->clone->read trace
[ 330.201638] [+] Anomaly found: yarr: openat syscall, munmap->munmap->exit_group->exit->clone->read->openat trace
[ 330.201668] [+] Anomaly found: yarr: exit syscall, munmap->exit_group->exit->clone->read->openat->exit trace
[ 330.201690] [+] Anomaly found: yarr: clone syscall, exit_group->exit->clone->read->openat->exit->clone trace
[ 330.202010] [+] Anomaly found: yarr: wait4 syscall, read->openat->exit->clone->read->openat->wait4 trace
[ 330.202418] [+] Anomaly found: yarr: write syscall, openat->exit->clone->read->openat->wait4->write trace
[ 330.202456] [+] Anomaly found: yarr: write syscall, exit->clone->read->openat->wait4->write->write trace
[ 330.202463] [+] Anomaly found: yarr: read syscall, clone->read->openat->wait4->write->write->read trace
[ 330.202468] [+] Anomaly found: yarr: read syscall, read->openat->wait4->write->write->read->read trace
[ 330.202473] [+] Anomaly found: yarr: write syscall, openat->wait4->write->write->read->read->write trace
[ 330.203356] [+] Anomaly found: yarr: openat syscall, clone->read->openat->write->exit->read->openat trace
[ 330.203373] [+] Anomaly found: yarr: read syscall, read->openat->write->exit->read->openat->read trace
[ 330.203383] [+] Anomaly found: yarr: read syscall, openat->write->exit->read->openat->read->read trace
[ 330.203390] [+] Anomaly found: yarr: read syscall, write->exit->read->openat->read->read->read trace
[ 330.203396] [+] Anomaly found: yarr: openat syscall, exit->read->openat->read->read->read->openat trace
[ 330.204038] [+] Anomaly found: yarr: clone syscall, read->read->openat->read->close->write->clone trace
[ 330.204061] [+] Anomaly found: yarr: read syscall, read->openat->read->close->write->clone->read trace
[ 330.204073] [+] Anomaly found: yarr: openat syscall, openat->read->close->write->clone->read->openat trace
[ 330.204324] [+] Anomaly found: yarr: write syscall, read->close->write->clone->read->openat->write trace
[ 330.204407] [+] Anomaly found: yarr: read syscall, close->write->clone->read->openat->write->read trace
[ 330.207582] [+] Anomaly found: yarr: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 330.207604] [+] Anomaly found: yarr: read syscall, exit->clone->read->openat->read->openat->read trace
[ 330.211677] [+] Anomaly found: yarr: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 330.211704] [+] Anomaly found: yarr: read syscall, exit->clone->read->openat->read->openat->read trace
[ 339.139882] Execve: /usr/bin/sudo, ./target
[ 339.152499] Execve: ./target, lEiTPQ31HjpuxO3Gcn3m
[ 339.158806] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: brk syscall, read->openat->read->mprotect->munmap->brk->brk trace
[ 339.158830] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, openat->read->mprotect->munmap->brk->brk->openat trace
[ 339.160257] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 339.160282] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 347.469297] Execve: /usr/bin/sudo, ./target
[ 347.478808] Execve: ./target, saEmNjkM4hUXypeYtRTu
[ 347.478941] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, fstat->brk->close->close->execve->read->write trace
[ 347.478961] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, brk->close->close->execve->read->write->write trace
[ 347.479030] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, close->close->execve->read->write->write->read trace
[ 347.479052] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, close->execve->read->write->write->read->openat trace
[ 347.479095] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, execve->read->write->write->read->openat->read trace
[ 347.479228] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 347.479250] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 347.480478] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, clone->read->openat->exit->clone->read->close trace
[ 347.480501] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, read->openat->exit->clone->read->close->mmap trace
[ 347.480540] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, openat->exit->clone->read->close->mmap->mmap trace
[ 347.480545] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mmap syscall, exit->clone->read->close->mmap->mmap->mmap trace
[ 347.480625] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: mprotect syscall, clone->read->close->mmap->mmap->mmap->mprotect trace
[ 347.496224] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, clone->read->openat->exit->clone->read->close trace
[ 347.496255] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->openat->exit->clone->read->close->fstat trace
[ 347.496268] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->read->close->fstat->write trace
[ 347.496591] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, exit->clone->read->close->fstat->write->write trace
[ 347.496602] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, clone->read->close->fstat->write->write->read trace
[ 347.508425] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->write->read->read->write->read->clone trace
[ 347.508470] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->read->read->write->read->clone->read trace
[ 347.508492] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->read->write->read->clone->read->openat trace
[ 347.508536] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->write->read->clone->read->openat->exit trace
[ 347.508561] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 347.508580] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->clone->read->openat->exit->clone->read trace
[ 349.828815] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, fstat->read->close->openat->openat->read->brk trace
[ 349.832387] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, munmap->munmap->munmap->munmap->read->openat->clone trace
[ 349.832422] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, munmap->munmap->munmap->read->openat->clone->read trace
[ 349.832434] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, munmap->munmap->read->openat->clone->read->openat trace
[ 349.832464] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, munmap->read->openat->clone->read->openat->exit trace
[ 349.832489] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 349.832507] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 349.842128] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit_group syscall, close->write->write->munmap->munmap->munmap->exit_group trace
[ 349.842580] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: wait4 syscall, write->write->munmap->munmap->munmap->exit_group->wait4 trace
[ 349.843522] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, write->munmap->munmap->munmap->exit_group->wait4->write trace
[ 349.845581] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, munmap->munmap->exit_group->wait4->write->read->openat trace
[ 349.845613] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, munmap->exit_group->wait4->write->read->openat->read trace
[ 349.845628] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit_group->wait4->write->read->openat->read->read trace
[ 349.846006] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->close->write->write->read->openat->exit trace
[ 349.846087] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, close->write->write->read->openat->exit->clone trace
[ 349.859675] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, openat->read->close->write->write->exit->brk trace
[ 349.860608] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, read->close->write->write->exit->brk->brk trace
[ 349.861554] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, close->write->write->exit->brk->brk->read trace
[ 349.861567] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->write->exit->brk->brk->read->read trace
[ 349.861573] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->exit->brk->brk->read->read->read trace
[ 349.861579] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->brk->brk->read->read->read->read trace
[ 349.864391] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 349.864422] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 349.873709] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, openat->read->close->write->write->exit->brk trace
[ 349.874309] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, read->close->write->write->exit->brk->brk trace
[ 349.877867] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, close->write->write->exit->brk->brk->read trace
[ 349.877883] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->write->exit->brk->brk->read->read trace
[ 349.877892] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->exit->brk->brk->read->read->read trace
[ 349.877901] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->brk->brk->read->read->read->read trace
[ 349.882444] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 349.882473] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 350.525245] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->brk->write->openat->openat->fstat->fstat trace
[ 350.525253] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, brk->write->openat->openat->fstat->fstat->read trace
[ 350.537464] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, clone->read->openat->exit->clone->read->read trace
[ 350.537718] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->openat->exit->clone->read->read->read trace
[ 350.540371] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, openat->exit->clone->read->read->read->write trace
[ 350.540427] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->read->read->read->write->read trace
[ 350.540497] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, clone->read->read->read->write->read->write trace
[ 350.542911] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->openat->read->close->write->exit->clone trace
[ 350.542973] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, openat->read->close->write->exit->clone->read trace
[ 354.802638] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mmap->mmap->mprotect->mmap->mmap->mmap->write trace
[ 354.802653] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mmap->mprotect->mmap->mmap->mmap->write->write trace
[ 354.802656] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mprotect->mmap->mmap->mmap->write->write->write trace
[ 354.802660] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mmap->mmap->mmap->write->write->write->write trace
[ 354.802672] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mmap->mmap->write->write->write->write->write trace
[ 354.802675] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, mmap->write->write->write->write->write->write trace
[ 354.808736] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, read->read->write->read->read->write->fstat trace
[ 354.808844] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->write->read->read->write->fstat->clone trace
[ 354.808904] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->read->read->write->fstat->clone->read trace
[ 354.808931] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->read->write->fstat->clone->read->openat trace
[ 354.808990] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->write->fstat->clone->read->openat->exit trace
[ 354.809034] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->fstat->clone->read->openat->exit->clone trace
[ 354.818364] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, write->write->write->mmap->mprotect->mprotect->exit trace
[ 354.819043] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->write->mmap->mprotect->mprotect->exit->read trace
[ 354.819285] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, write->mmap->mprotect->mprotect->exit->read->read trace
[ 354.819296] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, mmap->mprotect->mprotect->exit->read->read->read trace
[ 354.819342] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, mprotect->exit->read->read->read->read->openat trace
[ 354.819364] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->read->read->read->read->openat->read trace
[ 354.822826] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, read->read->read->read->write->read->clone trace
[ 354.822874] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->read->read->write->read->clone->read trace
[ 354.822896] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, read->read->write->read->clone->read->openat trace
[ 354.822944] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, read->write->read->clone->read->openat->exit trace
[ 354.822975] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 354.822997] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, read->clone->read->openat->exit->clone->read trace
[ 354.823241] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 354.823262] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, exit->clone->read->openat->read->openat->read trace
[ 357.428104] Execve: /usr/bin/sudo, ./target
[ 357.438543] Execve: ./target, fDlhaTpGvo1QiiHKBWXV
[ 358.949343] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mmap syscall, mprotect->mprotect->mprotect->mprotect->mprotect->brk->mmap trace
[ 358.949367] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->mprotect->mprotect->brk->mmap->mprotect trace
[ 358.949409] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->mprotect->brk->mmap->mprotect->mprotect trace
[ 358.949869] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->mprotect->brk->mmap->mprotect->mprotect->mprotect trace
[ 358.949897] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, mprotect->brk->mmap->mprotect->mprotect->mprotect->mprotect trace
[ 358.949991] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, brk->mmap->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 358.953388] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 358.953413] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 359.748940] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: brk syscall, munmap->munmap->munmap->munmap->munmap->exit_group->brk trace
[ 359.749642] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: wait4 syscall, munmap->munmap->munmap->munmap->exit_group->brk->wait4 trace
[ 359.751045] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, munmap->munmap->munmap->exit_group->brk->wait4->write trace
[ 359.751661] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, munmap->munmap->exit_group->brk->wait4->write->write trace
[ 359.751731] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, munmap->exit_group->brk->wait4->write->write->read trace
[ 359.752138] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, exit_group->brk->wait4->write->write->read->write trace
[ 359.752216] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, brk->wait4->write->write->read->write->write trace
[ 359.753896] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 359.753936] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 359.760353] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->read->openat->exit->clone->write->read trace
[ 359.760490] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, read->openat->exit->clone->write->read->write trace
[ 359.760509] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, openat->exit->clone->write->read->write->read trace
[ 359.761105] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->clone->write->read->write->read->read trace
[ 359.761129] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->write->read->write->read->read->read trace
[ 359.788484] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, clone->read->openat->exit->clone->read->exit trace
[ 359.788865] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, read->openat->exit->clone->read->exit->read trace
[ 359.789112] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, openat->exit->clone->read->exit->read->openat trace
[ 359.790634] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->clone->read->exit->read->openat->read trace
[ 359.790654] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->read->exit->read->openat->read->read trace
[ 359.790664] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, read->exit->read->openat->read->read->read trace
[ 359.790670] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->read->openat->read->read->read->read trace
[ 364.793378] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: write syscall, mmap->mprotect->mmap->mprotect->mprotect->mmap->write trace
[ 364.793412] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, mprotect->mmap->mprotect->mprotect->mmap->write->read trace
[ 364.794429] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, mmap->mprotect->mprotect->mmap->write->read->read trace
[ 364.794442] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, mprotect->mprotect->mmap->write->read->read->read trace
[ 364.794448] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, mprotect->mmap->write->read->read->read->read trace
[ 364.794453] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, mmap->write->read->read->read->read->read trace
[ 364.798070] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, exit->clone->read->openat->exit->clone->openat trace
[ 364.798086] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 364.798091] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, read->openat->exit->clone->openat->fstat->read trace
[ 364.798114] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, openat->exit->clone->openat->fstat->read->close trace
[ 364.798971] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, exit->clone->openat->fstat->read->close->read trace
[ 364.798984] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, clone->openat->fstat->read->close->read->read trace
[ 364.802911] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, read->close->write->write->read->openat->exit trace
[ 364.804308] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, close->write->write->read->openat->exit->clone trace
[ 365.911111] Execve: /usr/bin/sudo, ./target
[ 365.922894] Execve: ./target, EfoCLpTFE8D0s96V7fgs
[ 368.251974] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: wait4 syscall, mprotect->mprotect->read->write->read->read->wait4 trace
[ 368.252026] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, mprotect->read->write->read->read->wait4->close trace
[ 368.256897] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, munmap->munmap->munmap->openat->read->openat->clone trace
[ 368.256943] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, munmap->munmap->openat->read->openat->clone->read trace
[ 368.256956] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, munmap->openat->read->openat->clone->read->openat trace
[ 368.257038] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, read->openat->clone->read->openat->exit->munmap trace
[ 368.257078] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, openat->clone->read->openat->exit->munmap->munmap trace
[ 368.257094] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, clone->read->openat->exit->munmap->munmap->munmap trace
[ 368.257115] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, read->openat->exit->munmap->munmap->munmap->munmap trace
[ 368.257135] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, openat->exit->munmap->munmap->munmap->munmap->munmap trace
[ 368.257163] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: munmap syscall, exit->munmap->munmap->munmap->munmap->munmap->munmap trace
[ 368.257500] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, munmap->munmap->munmap->munmap->munmap->exit_group->clone trace
[ 368.257529] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, munmap->munmap->munmap->munmap->exit_group->clone->read trace
[ 368.257543] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, munmap->munmap->munmap->exit_group->clone->read->openat trace
[ 368.257572] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, munmap->munmap->exit_group->clone->read->openat->exit trace
[ 368.257597] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, munmap->exit_group->clone->read->openat->exit->clone trace
[ 368.257617] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit_group->clone->read->openat->exit->clone->read trace
[ 368.259823] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: wait4 syscall, read->openat->exit->clone->read->openat->wait4 trace
[ 368.260857] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->clone->read->openat->wait4->read trace
[ 368.260876] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->read->openat->wait4->read->read trace
[ 368.260886] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->read->openat->wait4->read->read->read trace
[ 368.260903] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->openat->wait4->read->read->read->read trace
[ 368.260911] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->wait4->read->read->read->read->read trace
[ 368.277824] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->read->openat->exit->clone->write->read trace
[ 368.277847] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, read->openat->exit->clone->write->read->write trace
[ 368.277856] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->clone->write->read->write->read trace
[ 368.278886] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->write->read->write->read->read trace
[ 368.280471] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->write->read->write->read->read->read trace
[ 368.287933] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, read->close->write->write->read->openat->exit trace
[ 368.288038] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, close->write->write->read->openat->exit->clone trace
[ 368.288747] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 368.288787] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->read->openat->read->openat->read trace
[ 374.346872] Execve: /usr/bin/sudo, ./target
[ 374.352905] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, fstat->read->write->write->write->write->fstat trace
[ 374.353027] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->write->write->write->write->fstat->read trace
[ 374.353050] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, write->write->write->write->fstat->read->openat trace
[ 374.353189] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, write->write->write->fstat->read->openat->clone trace
[ 374.353222] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, write->write->fstat->read->openat->clone->read trace
[ 374.353234] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, write->fstat->read->openat->clone->read->openat trace
[ 374.353266] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 374.353289] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 374.353320] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 374.353416] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 374.353434] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->read->openat->read->openat->read trace
[ 374.357222] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->read->openat->exit->clone->write->read trace
[ 374.357233] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->openat->exit->clone->write->read->read trace
[ 374.357238] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->clone->write->read->read->read trace
[ 374.357242] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->write->read->read->read->read trace
[ 374.357246] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->write->read->read->read->read->read trace
[ 374.361580] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, close->mprotect->mprotect->munmap->munmap->munmap->write trace
[ 374.361607] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, mprotect->mprotect->munmap->munmap->munmap->write->read trace
[ 374.361998] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, mprotect->munmap->munmap->munmap->write->read->write trace
[ 374.362032] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, munmap->munmap->munmap->write->read->write->write trace
[ 374.362039] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, munmap->munmap->write->read->write->write->write trace
[ 374.362053] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, munmap->write->read->write->write->write->read trace
[ 374.363700] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, close->openat->fstat->mmap->munmap->close->exit trace
[ 374.363795] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, openat->fstat->mmap->munmap->close->exit->clone trace
[ 374.363836] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, fstat->mmap->munmap->close->exit->clone->read trace
[ 374.363856] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, mmap->munmap->close->exit->clone->read->openat trace
[ 374.363903] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, munmap->close->exit->clone->read->openat->exit trace
[ 374.363931] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, close->exit->clone->read->openat->exit->clone trace
[ 374.375465] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, read->fstat->mmap->mprotect->mmap->mmap->exit trace
[ 374.375561] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, fstat->mmap->mprotect->mmap->mmap->exit->write trace
[ 374.376157] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, mmap->mprotect->mmap->mmap->exit->write->close trace
[ 374.376191] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, mprotect->mmap->mmap->exit->write->close->openat trace
[ 374.376208] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, mmap->mmap->exit->write->close->openat->fstat trace
[ 374.376215] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mmap syscall, mmap->exit->write->close->openat->fstat->mmap trace
[ 374.376226] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, exit->write->close->openat->fstat->mmap->close trace
[ 374.379386] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, write->write->mprotect->mprotect->read->openat->clone trace
[ 374.379421] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, write->mprotect->mprotect->read->openat->clone->read trace
[ 374.379431] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, mprotect->mprotect->read->openat->clone->read->openat trace
[ 374.379482] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 374.379500] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 374.390585] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, close->openat->fstat->mmap->munmap->close->mprotect trace
[ 374.390617] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, openat->fstat->mmap->munmap->close->mprotect->mprotect trace
[ 374.390630] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, fstat->mmap->munmap->close->mprotect->mprotect->mprotect trace
[ 374.390642] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, mmap->munmap->close->mprotect->mprotect->mprotect->mprotect trace
[ 374.391442] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, munmap->close->mprotect->mprotect->mprotect->mprotect->close trace
[ 374.394423] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, openat->read->close->write->write->write->exit trace
[ 374.395712] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, read->close->write->write->write->exit->close trace
[ 374.395840] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, close->write->write->write->exit->close->clone trace
[ 374.396406] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, write->write->write->exit->close->clone->read trace
[ 374.396434] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, write->write->exit->close->clone->read->openat trace
[ 374.396490] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, write->exit->close->clone->read->openat->clone trace
[ 374.396522] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->close->clone->read->openat->clone->read trace
[ 374.396595] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 374.396663] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 374.397290] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, exit->clone->read->openat->exit->read->openat trace
[ 374.397310] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->read->openat->exit->read->openat->read trace
[ 374.397321] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->openat->exit->read->openat->read->read trace
[ 374.397328] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->read->openat->read->read->read trace
[ 374.397333] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: openat syscall, exit->read->openat->read->read->read->openat trace
[ 374.397919] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: clone syscall, read->openat->read->close->write->write->clone trace
[ 374.397953] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->read->close->write->write->clone->read trace
[ 374.400833] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 374.401924] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->read->openat->exit->clone->close->read trace
[ 374.401937] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, read->openat->exit->clone->close->read->read trace
[ 374.401943] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, openat->exit->clone->close->read->read->read trace
[ 374.401948] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, exit->clone->close->read->read->read->read trace
[ 374.401953] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, clone->close->read->read->read->read->read trace
[ 374.405066] Execve: ./target, ANBMGkdd2EowBh3Sxc3K
[ 374.406344] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, fstat->brk->close->close->execve->read->write trace
[ 374.406655] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, brk->close->close->execve->read->write->write trace
[ 374.408109] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, close->close->execve->read->write->write->exit trace
[ 374.408212] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, close->execve->read->write->write->exit->clone trace
[ 374.408255] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, execve->read->write->write->exit->clone->read trace
[ 374.408716] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, exit->clone->read->openat->exit->read->openat trace
[ 374.408737] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, clone->read->openat->exit->read->openat->clone trace
[ 374.408754] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->read->openat->clone->read trace
[ 374.408762] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, openat->exit->read->openat->clone->read->openat trace
[ 374.408785] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, exit->read->openat->clone->read->openat->exit trace
[ 374.408804] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 374.408820] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 374.409212] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->read->read trace
[ 374.409220] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->read->read->read trace
[ 374.409225] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->read->read->read->read trace
[ 374.409229] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->read->read->read->read trace
[ 374.409233] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->read->read->read->read->read trace
[ 374.415910] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, clone->read->openat->exit->clone->read->close trace
[ 374.415951] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, read->openat->exit->clone->read->close->mmap trace
[ 374.416007] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, openat->exit->clone->read->close->mmap->mmap trace
[ 374.416015] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, exit->clone->read->close->mmap->mmap->mmap trace
[ 374.416230] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, clone->read->close->mmap->mmap->mmap->mprotect trace
[ 374.433836] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->write->read trace
[ 374.433914] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, read->openat->exit->clone->write->read->write trace
[ 374.433919] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->write->read->write->read trace
[ 374.433925] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->write->read->write->read->read trace
[ 374.433930] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, clone->write->read->write->read->read->write trace
[ 374.440942] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->write->write->write->write->read->clone trace
[ 374.440990] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, write->write->write->write->read->clone->read trace
[ 374.441012] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, write->write->write->read->clone->read->openat trace
[ 374.441062] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, write->write->read->clone->read->openat->exit trace
[ 374.441094] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 374.441116] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->clone->read->openat->exit->clone->read trace
[ 374.441400] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 374.441422] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->openat->read->openat->read trace
[ 374.447780] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->write->read trace
[ 374.447795] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->write->read->read trace
[ 374.447803] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->write->read->read->read trace
[ 374.447812] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->write->read->read->read->read trace
[ 374.447818] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->write->read->read->read->read->read trace
[ 375.879851] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, munmap->openat->fstat->mmap->close->munmap->write trace
[ 375.879883] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, openat->fstat->mmap->close->munmap->write->write trace
[ 375.879891] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, fstat->mmap->close->munmap->write->write->read trace
[ 375.880016] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, mmap->close->munmap->write->write->read->read trace
[ 375.880023] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, close->munmap->write->write->read->read->write trace
[ 375.880042] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, munmap->write->write->read->read->write->read trace
[ 375.889114] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->write->read->read->write->read->clone trace
[ 375.889161] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, write->read->read->write->read->clone->read trace
[ 375.889181] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, read->read->write->read->clone->read->openat trace
[ 375.889222] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, read->write->read->clone->read->openat->exit trace
[ 375.889247] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 375.889266] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->clone->read->openat->exit->clone->read trace
[ 376.845730] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: wait4 syscall, read->write->read->write->read->read->wait4 trace
[ 376.845823] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, write->read->write->read->read->wait4->close trace
[ 376.853796] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 376.853917] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, munmap->munmap->munmap->exit_group->read->openat->clone trace
[ 376.853984] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, munmap->munmap->exit_group->read->openat->clone->read trace
[ 376.854017] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, munmap->exit_group->read->openat->clone->read->openat trace
[ 376.854648] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, exit_group->read->openat->clone->read->openat->exit trace
[ 376.854805] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 376.854881] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 376.856309] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 376.856337] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->openat->read->openat->read trace
[ 376.860785] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: brk syscall, read->openat->exit->clone->read->openat->brk trace
[ 376.862860] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->read->openat->brk->read trace
[ 376.862899] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->openat->brk->read->read trace
[ 376.862912] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->brk->read->read->read trace
[ 376.867227] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: wait4 syscall, exit->clone->read->openat->exit->clone->wait4 trace
[ 376.869229] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->wait4->read trace
[ 376.870695] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->wait4->read->read trace
[ 376.871198] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->wait4->read->read->read trace
[ 376.871223] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->wait4->read->read->read->read trace
[ 376.871234] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->wait4->read->read->read->read->read trace
[ 376.884707] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, write->read->openat->write->write->brk->exit trace
[ 376.884817] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->write->write->brk->exit->clone trace
[ 376.884865] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->write->write->brk->exit->clone->read trace
[ 376.884891] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, write->write->brk->exit->clone->read->openat trace
[ 376.884951] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, write->brk->exit->clone->read->openat->exit trace
[ 376.884984] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, brk->exit->clone->read->openat->exit->clone trace
[ 376.888885] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: brk syscall, read->openat->read->close->write->write->brk trace
[ 376.889288] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: brk syscall, openat->read->close->write->write->brk->brk trace
[ 376.902432] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 376.904790] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->exit->read trace
[ 376.904807] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->exit->read->read trace
[ 376.904816] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->exit->read->read->read trace
[ 376.904822] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->exit->read->read->read->read trace
[ 376.904829] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->exit->read->read->read->read->read trace
[ 376.907530] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 376.907551] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 376.907890] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 376.907910] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->openat->read->openat->read trace
[ 376.937051] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, openat->read->close->write->write->read->exit trace
[ 376.940137] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->close->write->write->read->exit->read trace
[ 376.940184] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, close->write->write->read->exit->read->read trace
[ 376.940347] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, write->read->exit->read->read->read->openat trace
[ 376.940425] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->exit->read->read->read->openat->read trace
[ 376.940458] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->read->read->read->openat->read->read trace
[ 376.943656] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->read->write->read->write->read->clone trace
[ 376.943702] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->write->read->write->read->clone->read trace
[ 376.943722] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, write->read->write->read->clone->read->openat trace
[ 376.943767] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, read->write->read->clone->read->openat->exit trace
[ 376.943799] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 376.943820] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->clone->read->openat->exit->clone->read trace
[ 376.946932] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 376.946956] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->read->openat->read->openat->read trace
[ 376.963084] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 376.963893] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->read->openat->exit->clone->exit->read trace
[ 376.963906] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, read->openat->exit->clone->exit->read->read trace
[ 376.963912] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->exit->clone->exit->read->read->read trace
[ 376.963917] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, exit->clone->exit->read->read->read->read trace
[ 376.963922] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, clone->exit->read->read->read->read->read trace
[ 376.965295] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 376.965318] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 383.154938] Execve: /usr/bin/sudo, ./target
[ 383.168843] Execve: ./target, iOjcP1MQc6LNmZiwE0z2
[ 385.452682] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, fstat->write->read->read->write->read->brk trace
[ 385.457752] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->write->read->openat->clone->write->read trace
[ 385.457798] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, write->read->openat->clone->write->read->write trace
[ 385.457813] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, read->openat->clone->write->read->write->write trace
[ 385.457831] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->clone->write->read->write->write->read trace
[ 385.460295] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->write->read->write->write->read->read trace
[ 385.473681] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, read->close->write->read->openat->write->exit trace
[ 385.473905] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, close->write->read->openat->write->exit->clone trace
[ 385.489034] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 385.492171] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->read->openat->exit->clone->exit->read trace
[ 385.492368] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->openat->exit->clone->exit->read->read trace
[ 385.492403] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->exit->clone->exit->read->read->read trace
[ 385.492425] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->exit->read->read->read->read trace
[ 385.492441] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->exit->read->read->read->read->read trace
[ 385.507880] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, read->openat->exit->clone->read->openat->brk trace
[ 385.508272] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, openat->exit->clone->read->openat->brk->brk trace
[ 385.510654] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, exit->clone->read->openat->brk->brk->exit trace
[ 385.510742] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, clone->read->openat->brk->brk->exit->clone trace
[ 385.510788] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->openat->brk->brk->exit->clone->read trace
[ 385.510811] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, openat->brk->brk->exit->clone->read->openat trace
[ 385.511782] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, brk->brk->exit->clone->read->openat->read trace
[ 385.511795] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, brk->exit->clone->read->openat->read->read trace
[ 385.520231] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, write->write->exit->clone->read->openat->brk trace
[ 385.520569] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, write->exit->clone->read->openat->brk->brk trace
[ 385.520698] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, exit->clone->read->openat->brk->brk->exit trace
[ 385.520766] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, clone->read->openat->brk->brk->exit->clone trace
[ 385.520812] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->openat->brk->brk->exit->clone->read trace
[ 385.520836] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, openat->brk->brk->exit->clone->read->openat trace
[ 385.520886] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, brk->brk->exit->clone->read->openat->exit trace
[ 385.520918] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, brk->exit->clone->read->openat->exit->clone trace
[ 385.537977] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, write->read->read->wait4->close->close->exit trace
[ 385.538043] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->read->wait4->close->close->exit->openat trace
[ 385.538062] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, read->wait4->close->close->exit->openat->fstat trace
[ 385.538073] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, wait4->close->close->exit->openat->fstat->read trace
[ 385.538090] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->close->exit->openat->fstat->read->read trace
[ 385.538101] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->exit->openat->fstat->read->read->read trace
[ 385.538107] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, exit->openat->fstat->read->read->read->close trace
[ 385.540637] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 385.540660] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 385.547125] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit_group syscall, read->openat->read->close->write->write->exit_group trace
[ 385.547746] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->read->close->write->write->exit_group->read trace
[ 385.547759] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->close->write->write->exit_group->read->read trace
[ 385.547766] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->write->write->exit_group->read->read->read trace
[ 385.547773] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->write->exit_group->read->read->read->read trace
[ 385.547777] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->exit_group->read->read->read->read->read trace
[ 385.553636] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->openat->read->read->openat->exit->clone trace
[ 385.553698] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->read->read->openat->exit->clone->read trace
[ 385.558197] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: wait4 syscall, clone->read->write->read->write->read->wait4 trace
[ 385.559460] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, write->read->write->read->wait4->close->exit trace
[ 385.559520] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->write->read->wait4->close->exit->openat trace
[ 385.559555] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->read->wait4->close->exit->openat->read trace
[ 385.559569] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->wait4->close->exit->openat->read->read trace
[ 385.559578] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, wait4->close->exit->openat->read->read->read trace
[ 385.559588] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, close->exit->openat->read->read->read->openat trace
[ 385.559603] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->openat->read->read->read->openat->read trace
[ 385.564816] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 385.564849] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, clone->read->openat->exit->clone->close->write trace
[ 385.565248] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: write syscall, read->openat->exit->clone->close->write->write trace
[ 385.565913] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, openat->exit->clone->close->write->write->openat trace
[ 385.565992] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->close->write->write->openat->read trace
[ 385.568591] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, openat->read->close->write->read->openat->exit trace
[ 385.568691] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->close->write->read->openat->exit->clone trace
[ 385.568735] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->write->read->openat->exit->clone->read trace
[ 385.573209] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->openat->exit->clone->read->write->openat trace
[ 385.573321] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->exit->clone->read->write->openat->read trace
[ 385.573334] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->read->write->openat->read->read trace
[ 385.573344] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->read->write->openat->read->read->read trace
[ 385.580168] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->read->openat->exit->clone->read->read trace
[ 385.580182] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->openat->exit->clone->read->read->read trace
[ 385.580301] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->exit->clone->read->read->read->read trace
[ 385.580310] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->read->read->read->read->read trace
[ 385.580316] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->read->read->read->read->read->read trace
[ 387.441964] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, read->read->close->rename->mprotect->mprotect->mprotect trace
[ 387.441977] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, read->close->rename->mprotect->mprotect->mprotect->mprotect trace
[ 387.442111] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, close->rename->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 387.442122] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, rename->mprotect->mprotect->mprotect->mprotect->mprotect->mprotect trace
[ 387.445191] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, openat->write->read->write->write->read->clone trace
[ 387.445237] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->read->write->write->read->clone->read trace
[ 387.445260] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->write->write->read->clone->read->openat trace
[ 387.445304] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, write->write->read->clone->read->openat->exit trace
[ 387.445331] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 387.445349] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->clone->read->openat->exit->clone->read trace
[ 387.453699] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, read->close->write->write->mprotect->mprotect->exit trace
[ 387.454327] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, close->write->write->mprotect->mprotect->exit->mprotect trace
[ 387.455235] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, mprotect->mprotect->exit->mprotect->mprotect->read->openat trace
[ 387.455261] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, mprotect->exit->mprotect->mprotect->read->openat->read trace
[ 387.455273] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->mprotect->mprotect->read->openat->read->read trace
[ 391.436741] Execve: /usr/bin/sudo, ./target
[ 391.444172] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, close->openat->read->close->mmap->mmap->fstat trace
[ 391.444242] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->read->close->mmap->mmap->fstat->read trace
[ 391.444261] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->close->mmap->mmap->fstat->read->openat trace
[ 391.444298] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, close->mmap->mmap->fstat->read->openat->clone trace
[ 391.444328] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, mmap->mmap->fstat->read->openat->clone->read trace
[ 391.444367] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 391.444392] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 391.444420] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 391.444781] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 391.444797] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->clone->read->openat->read->openat->read trace
[ 391.456574] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, read->read->read->write->read->exit->fstat trace
[ 391.456584] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, read->read->write->read->exit->fstat->mmap trace
[ 391.456607] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: munmap syscall, read->write->read->exit->fstat->mmap->munmap trace
[ 391.456619] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, write->read->exit->fstat->mmap->munmap->close trace
[ 391.456637] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, read->exit->fstat->mmap->munmap->close->openat trace
[ 391.456646] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, exit->fstat->mmap->munmap->close->openat->fstat trace
[ 391.461926] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, close->write->write->write->read->openat->clone trace
[ 391.462073] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 391.462100] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 391.474550] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, read->read->close->openat->fstat->read->exit trace
[ 391.474595] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->close->openat->fstat->read->exit->read trace
[ 391.474609] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: close syscall, close->openat->fstat->read->exit->read->close trace
[ 391.474617] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, openat->fstat->read->exit->read->close->openat trace
[ 391.474629] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, fstat->read->exit->read->close->openat->fstat trace
[ 391.474635] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, read->exit->read->close->openat->fstat->read trace
[ 391.474645] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, exit->read->close->openat->fstat->read->read trace
[ 391.476661] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->openat->write->close->clone->close->read trace
[ 391.476674] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->write->close->clone->close->read->read trace
[ 391.476681] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, write->close->clone->close->read->read->read trace
[ 391.476686] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, close->clone->close->read->read->read->read trace
[ 391.476690] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, clone->close->read->read->read->read->read trace
[ 391.477432] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 391.477464] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 391.487947] Execve: ./target, H2mvQoIOuxb3syz45GA7
[ 391.488673] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, fstat->brk->close->close->execve->read->write trace
[ 391.488706] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, brk->close->close->execve->read->write->write trace
[ 391.488750] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->close->execve->read->write->write->read trace
[ 391.488776] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, close->execve->read->write->write->read->openat trace
[ 391.489986] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, execve->read->write->write->read->openat->exit trace
[ 391.491648] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, write->write->read->openat->exit->read->close trace
[ 391.491797] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, write->read->openat->exit->read->close->mmap trace
[ 391.491933] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, read->openat->exit->read->close->mmap->mmap trace
[ 391.491946] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, openat->exit->read->close->mmap->mmap->mmap trace
[ 391.492171] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->read->close->mmap->mmap->mmap->read trace
[ 391.492283] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, close->mmap->mmap->mmap->read->openat->clone trace
[ 391.492322] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, mmap->mmap->mmap->read->openat->clone->read trace
[ 391.492335] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, mmap->mmap->read->openat->clone->read->openat trace
[ 391.492368] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, mmap->read->openat->clone->read->openat->exit trace
[ 391.492403] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 391.492424] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 391.492929] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 391.492949] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->openat->read->openat->read trace
[ 391.495960] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mprotect syscall, exit->clone->read->openat->exit->clone->mprotect trace
[ 391.495989] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, clone->read->openat->exit->clone->mprotect->mmap trace
[ 391.496034] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mprotect syscall, read->openat->exit->clone->mprotect->mmap->mprotect trace
[ 391.496046] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: open syscall, openat->exit->clone->mprotect->mmap->mprotect->open trace
[ 391.496080] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->mprotect->mmap->mprotect->open->read trace
[ 391.496095] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, clone->mprotect->mmap->mprotect->open->read->mmap trace
[ 391.503844] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, fstat->mmap->mprotect->mmap->close->mmap->exit trace
[ 391.503944] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, mmap->mprotect->mmap->close->mmap->exit->clone trace
[ 391.503987] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, mprotect->mmap->close->mmap->exit->clone->read trace
[ 391.504009] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, mmap->close->mmap->exit->clone->read->openat trace
[ 391.504063] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, close->mmap->exit->clone->read->openat->exit trace
[ 391.504092] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, mmap->exit->clone->read->openat->exit->clone trace
[ 391.513045] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, fstat->read->brk->brk->read->read->exit trace
[ 391.513457] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->brk->brk->read->read->exit->read trace
[ 391.513475] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, brk->brk->read->read->exit->read->read trace
[ 391.513704] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, brk->read->read->exit->read->read->read trace
[ 391.518859] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, write->write->read->read->write->read->clone trace
[ 391.518901] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, write->read->read->write->read->clone->read trace
[ 391.518921] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, read->read->write->read->clone->read->openat trace
[ 391.518964] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, read->write->read->clone->read->openat->exit trace
[ 391.518990] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, write->read->clone->read->openat->exit->clone trace
[ 391.519008] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->clone->read->openat->exit->clone->read trace
[ 393.336194] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, mprotect->mprotect->brk->brk->brk->brk->mmap trace
[ 393.336237] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mprotect syscall, mprotect->brk->brk->brk->brk->mmap->mprotect trace
[ 393.336288] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mprotect syscall, brk->brk->brk->brk->mmap->mprotect->mprotect trace
[ 393.337103] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, brk->brk->brk->mmap->mprotect->mprotect->read trace
[ 393.337124] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, brk->brk->mmap->mprotect->mprotect->read->read trace
[ 393.337137] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, brk->mmap->mprotect->mprotect->read->read->read trace
[ 393.341893] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, write->write->write->read->read->read->clone trace
[ 393.341950] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, write->write->read->read->read->clone->read trace
[ 393.341973] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, write->read->read->read->clone->read->openat trace
[ 393.342021] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, read->read->read->clone->read->openat->exit trace
[ 393.342059] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->read->clone->read->openat->exit->clone trace
[ 393.342079] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->clone->read->openat->exit->clone->read trace
[ 393.937144] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: wait4 syscall, exit_group->write->read->write->read->read->wait4 trace
[ 393.937186] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, write->read->write->read->read->wait4->close trace
[ 393.960765] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 393.960787] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 393.962826] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, exit->clone->read->openat->exit->clone->close trace
[ 393.962913] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, clone->read->openat->exit->clone->close->close trace
[ 393.963049] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, read->openat->exit->clone->close->close->munmap trace
[ 393.963104] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, openat->exit->clone->close->close->munmap->munmap trace
[ 393.963133] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, exit->clone->close->close->munmap->munmap->munmap trace
[ 393.963163] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, clone->close->close->munmap->munmap->munmap->munmap trace
[ 393.968513] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, openat->read->close->openat->read->read->exit trace
[ 393.968603] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->close->openat->read->read->exit->clone trace
[ 393.968646] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->openat->read->read->exit->clone->read trace
[ 393.970906] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, openat->exit->clone->read->openat->read->close trace
[ 393.970947] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->clone->read->openat->read->close->openat trace
[ 393.975328] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, openat->read->close->write->write->munmap->exit trace
[ 393.975417] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->close->write->write->munmap->exit->clone trace
[ 393.975459] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->write->write->munmap->exit->clone->read trace
[ 393.975481] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, write->write->munmap->exit->clone->read->openat trace
[ 393.975531] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, write->munmap->exit->clone->read->openat->exit trace
[ 393.975562] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, munmap->exit->clone->read->openat->exit->clone trace
[ 393.980891] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, openat->read->close->write->munmap->munmap->write trace
[ 393.984054] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->close->write->munmap->munmap->write->read trace
[ 393.984095] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, close->write->munmap->munmap->write->read->openat trace
[ 393.984210] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, write->munmap->munmap->write->read->openat->exit trace
[ 393.984304] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, munmap->munmap->write->read->openat->exit->clone trace
[ 393.984349] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, munmap->write->read->openat->exit->clone->read trace
[ 393.988895] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, read->read->openat->read->close->openat->munmap trace
[ 393.988982] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, read->openat->read->close->openat->munmap->munmap trace
[ 393.989425] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, openat->read->close->openat->munmap->munmap->munmap trace
[ 393.989460] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, read->close->openat->munmap->munmap->munmap->munmap trace
[ 393.989698] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit_group syscall, close->openat->munmap->munmap->munmap->munmap->exit_group trace
[ 393.991773] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->munmap->munmap->munmap->munmap->exit_group->read trace
[ 393.992071] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, munmap->munmap->munmap->munmap->exit_group->read->openat trace
[ 393.993614] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: wait4 syscall, munmap->munmap->munmap->exit_group->read->openat->wait4 trace
[ 393.994358] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, munmap->munmap->exit_group->read->openat->wait4->read trace
[ 393.994400] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, munmap->exit_group->read->openat->wait4->read->read trace
[ 393.994412] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit_group->read->openat->wait4->read->read->read trace
[ 393.994420] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->openat->wait4->read->read->read->read trace
[ 393.994428] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->wait4->read->read->read->read->read trace
[ 394.000030] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->clone->read->openat->exit->clone->openat trace
[ 394.000127] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->openat->exit->clone->openat->read trace
[ 394.000141] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: close syscall, read->openat->exit->clone->openat->read->close trace
[ 394.000179] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, openat->exit->clone->openat->read->close->openat trace
[ 394.000237] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->openat->read->close->openat->read trace
[ 394.000256] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->openat->read->close->openat->read->read trace
[ 394.006110] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, read->close->write->read->openat->write->exit trace
[ 394.006198] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, close->write->read->openat->write->exit->clone trace
[ 394.012600] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->openat->exit->clone->read->read trace
[ 394.012615] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->openat->exit->clone->read->read->read trace
[ 394.012620] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->exit->clone->read->read->read->read trace
[ 394.012627] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->read->read->read->read trace
[ 394.012633] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->read->read->read->read->read trace
[ 394.035761] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, exit->clone->read->openat->exit->clone->exit trace
[ 394.039030] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, clone->read->openat->exit->clone->exit->write trace
[ 394.039044] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->openat->exit->clone->exit->write->read trace
[ 394.039068] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, openat->exit->clone->exit->write->read->write trace
[ 394.039076] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->exit->write->read->write->read trace
[ 394.040565] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->exit->write->read->write->read->read trace
[ 394.043042] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, close->write->write->read->openat->write->clone trace
[ 394.043575] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 394.043593] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->openat->read->openat->read trace
[ 394.056900] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, openat->read->close->write->write->read->exit trace
[ 394.061088] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->close->write->write->read->exit->read trace
[ 394.061127] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->write->write->read->exit->read->read trace
[ 394.061224] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, read->exit->read->read->read->read->openat trace
[ 394.061472] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->read->read->read->read->openat->openat trace
[ 394.064312] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->read->close->write->write->clone trace
[ 394.064405] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->read->close->write->write->clone->read trace
[ 394.066314] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 394.066341] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->openat->read->openat->read trace
[ 394.067809] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->clone->read->openat->exit->read->openat trace
[ 394.067838] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->openat->exit->read->openat->read trace
[ 394.067851] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->openat->exit->read->openat->read->read trace
[ 394.067859] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->exit->read->openat->read->read->read trace
[ 394.067867] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->read->openat->read->read->read->openat trace
[ 394.068843] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->read->close->write->write->clone trace
[ 394.068895] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->read->close->write->write->clone->read trace
[ 399.888153] Execve: /usr/bin/sudo, ./target
[ 399.895992] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: fstat syscall, read->fstat->mmap->mprotect->mmap->close->fstat trace
[ 399.896063] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, fstat->mmap->mprotect->mmap->close->fstat->read trace
[ 399.896082] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, mmap->mprotect->mmap->close->fstat->read->openat trace
[ 399.896124] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, mprotect->mmap->close->fstat->read->openat->clone trace
[ 399.896154] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, mmap->close->fstat->read->openat->clone->read trace
[ 399.896191] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, fstat->read->openat->clone->read->openat->exit trace
[ 399.896216] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 399.896243] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 399.896581] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, openat->exit->clone->read->openat->read->openat trace
[ 399.896598] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->openat->read->openat->read trace
[ 399.906214] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, mmap->close->openat->read->fstat->mmap->exit trace
[ 399.906453] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, close->openat->read->fstat->mmap->exit->write trace
[ 399.906481] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, openat->read->fstat->mmap->exit->write->write trace
[ 399.906504] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: write syscall, read->fstat->mmap->exit->write->write->write trace
[ 399.906524] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, fstat->mmap->exit->write->write->write->read trace
[ 399.906540] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, mmap->exit->write->write->write->read->read trace
[ 399.910883] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, close->close->fstat->read->read->openat->clone trace
[ 399.910931] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->fstat->read->read->openat->clone->read trace
[ 399.910948] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, fstat->read->read->openat->clone->read->openat trace
[ 399.911135] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->openat->clone->read->openat->exit->clone trace
[ 399.911170] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->clone->read->openat->exit->clone->read trace
[ 399.912388] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->openat->exit->clone->read->read trace
[ 399.912398] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, read->openat->exit->clone->read->read->read trace
[ 399.912402] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, openat->exit->clone->read->read->read->read trace
[ 399.912406] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, exit->clone->read->read->read->read->read trace
[ 399.912410] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, clone->read->read->read->read->read->read trace
[ 399.912931] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: exit syscall, openat->read->close->write->write->openat->exit trace
[ 399.912977] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: clone syscall, read->close->write->write->openat->exit->clone trace
[ 399.913000] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: read syscall, close->write->write->openat->exit->clone->read trace
[ 399.914537] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: openat syscall, exit->clone->read->openat->exit->clone->openat trace
[ 399.914627] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: fstat syscall, clone->read->openat->exit->clone->openat->fstat trace
[ 399.914637] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: mmap syscall, read->openat->exit->clone->openat->fstat->mmap trace
[ 399.914660] [+] Anomaly found: H2mvQoIOuxb3syz45GA7: munmap syscall, openat->exit->clone->openat->fstat->mmap->munmap trace
[ 399.921241] Execve: ./target, IBRNHiQTAMYfud7RonH9
[ 404.925810] Execve: /usr/bin/sudo, rmmod
[ 404.936009] Execve: /sbin/rmmod, hooks
[ 404.936212] [+] Anomaly found: hooks: brk syscall, brk->close->close->execve->read->close->brk trace
[ 404.936253] [+] Anomaly found: hooks: openat syscall, close->close->execve->read->close->brk->openat trace
[ 404.936260] [+] Anomaly found: hooks: fstat syscall, close->execve->read->close->brk->openat->fstat trace
[ 404.936264] [+] Anomaly found: hooks: mmap syscall, execve->read->close->brk->openat->fstat->mmap trace
[ 404.936270] [+] Anomaly found: hooks: close syscall, read->close->brk->openat->fstat->mmap->close trace
[ 404.936281] [+] Anomaly found: hooks: openat syscall, close->brk->openat->fstat->mmap->close->openat trace
[ 404.939151] [+] onunload: sys_call_table unhooked
[ 404.939196] DB nodes freed: 929
[ 404.939197] Syscalls counts: 2032646, Syscalls misses: 2781
[ 404.939198] Trace nodes freed: 7
[ 404.939199] Unloading complete!
Raw
hooks700.log
[ 1721.716816] Anomaly Detection (Kernel Hook) - Alastair Paragas
[ 1721.720954] Syscall table address: 00000000c0647077
[ 1721.720957] sizeof(unsigned long long *): 8
[ 1721.720957] sizeof(sys_call_table) : 8
[ 1739.267145] Execve: /usr/bin/sudo, ./target
[ 1739.277602] Execve: ./target, rJgVdaRJqFc7fiCE7Q6M
[ 1749.833779] Execve: /usr/bin/sudo, ./target
[ 1749.844489] Execve: ./target, DR8wEkyRevYXlZMWvmvg
[ 1760.763211] Execve: /usr/bin/sudo, ./target
[ 1760.771269] Execve: ./target, ZeFeXLPHJNzfEwFBrhiW
[ 1769.801780] Execve: /usr/bin/sudo, ./target
[ 1769.809782] Execve: ./target, 7K2WZ67HF4ETsMIyeOiU
[ 1771.637882] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses
[ 1771.637891] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses
[ 1771.637896] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses
[ 1771.638026] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: write syscall, 1 misses
[ 1771.638123] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses
[ 1771.638442] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 1 misses
[ 1771.638553] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 2 misses
[ 1771.638588] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 2 misses
[ 1771.638597] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: openat syscall, 1 misses
[ 1771.638625] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 1 misses
[ 1771.638793] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 3 misses
[ 1771.638883] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 4 misses
[ 1771.638909] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 3 misses
[ 1771.638953] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 3 misses
[ 1771.638982] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 4 misses
[ 1771.638998] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 3 misses
[ 1771.639028] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 3 misses
[ 1771.639051] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 4 misses
[ 1771.639065] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: read syscall, 3 misses
[ 1771.639092] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: exit syscall, 3 misses
[ 1771.639112] [+] Anomaly found: 7K2WZ67HF4ETsMIyeOiU: clone syscall, 4 misses
[ 1778.255162] Execve: /usr/bin/sudo, ./target
[ 1778.264574] Execve: ./target, vULPKZelg89oZAdN0epB
[ 1780.194854] [+] Anomaly found: vULPKZelg89oZAdN0epB: brk syscall, 3 misses
[ 1780.195657] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 6 misses
[ 1780.195682] [+] Anomaly found: vULPKZelg89oZAdN0epB: mprotect syscall, 7 misses
[ 1780.198305] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 6 misses
[ 1780.198337] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 3 misses
[ 1780.198432] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 4 misses
[ 1780.198470] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 3 misses
[ 1780.198480] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses
[ 1780.198508] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses
[ 1780.210926] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 3 misses
[ 1780.213770] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 3 misses
[ 1780.213796] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses
[ 1780.213926] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.214024] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.214029] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.214041] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses
[ 1780.216377] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 2 misses
[ 1780.216420] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.220479] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.220961] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.221009] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.221018] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.221031] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.222463] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses
[ 1780.222563] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses
[ 1780.222594] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.229672] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.229680] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.229692] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 2 misses
[ 1780.229743] [+] Anomaly found: vULPKZelg89oZAdN0epB: write syscall, 2 misses
[ 1780.229816] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.230515] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses
[ 1780.230616] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses
[ 1780.230647] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.232049] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses
[ 1780.232121] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 4 misses
[ 1780.232153] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 3 misses
[ 1780.232169] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses
[ 1780.233913] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses
[ 1780.234255] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 4 misses
[ 1780.234294] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 3 misses
[ 1780.234313] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses
[ 1780.235242] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 2 misses
[ 1780.235267] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.235614] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 2 misses
[ 1780.235653] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 3 misses
[ 1780.235677] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 3 misses
[ 1780.235688] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 2 misses
[ 1780.238037] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 1 misses
[ 1780.238120] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 1 misses
[ 1780.238157] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 1 misses
[ 1780.252525] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 5 misses
[ 1780.254010] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 4 misses
[ 1780.254038] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 6 misses
[ 1780.254829] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 7 misses
[ 1780.254866] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 6 misses
[ 1780.254882] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 5 misses
[ 1780.254916] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 4 misses
[ 1780.262542] [+] Anomaly found: vULPKZelg89oZAdN0epB: exit syscall, 5 misses
[ 1780.266198] [+] Anomaly found: vULPKZelg89oZAdN0epB: read syscall, 4 misses
[ 1780.266227] [+] Anomaly found: vULPKZelg89oZAdN0epB: openat syscall, 6 misses
[ 1780.267806] [+] Anomaly found: vULPKZelg89oZAdN0epB: clone syscall, 7 misses
[ 1790.240605] Execve: /usr/bin/sudo, ./target
[ 1790.251400] Execve: ./target, q4fw1kn34W19Ne7qpfZI
[ 1799.039112] Execve: /usr/bin/sudo, ./target
[ 1799.049565] Execve: ./target, Z08SXrUu9lhMVRVWZ0Pn
[ 1799.050400] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: execve syscall, 6 misses
[ 1799.050506] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: brk syscall, 5 misses
[ 1799.050538] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 4 misses
[ 1799.050543] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 4 misses
[ 1799.050547] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: mmap syscall, 3 misses
[ 1799.050552] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: close syscall, 3 misses
[ 1799.050560] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses
[ 1799.051444] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit_group syscall, 4 misses
[ 1799.051518] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 3 misses
[ 1799.051527] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses
[ 1799.051530] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses
[ 1799.051538] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: wait4 syscall, 1 misses
[ 1799.053294] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses
[ 1799.053368] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.053412] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 1 misses
[ 1799.053442] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.056820] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 1 misses
[ 1799.056858] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.070115] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 3 misses
[ 1799.071762] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 3 misses
[ 1799.071904] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses
[ 1799.072744] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses
[ 1799.072771] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses
[ 1799.074496] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 2 misses
[ 1799.074539] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses
[ 1799.074560] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 1 misses
[ 1799.148465] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses
[ 1799.148476] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.148490] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses
[ 1799.148497] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.148595] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1799.148620] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses
[ 1799.151102] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 3 misses
[ 1799.151147] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 2 misses
[ 1799.151168] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 1 misses
[ 1804.211386] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 5 misses
[ 1804.211469] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 6 misses
[ 1804.211484] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 6 misses
[ 1804.211489] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 5 misses
[ 1804.211499] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 4 misses
[ 1804.211504] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: close syscall, 3 misses
[ 1804.211606] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 4 misses
[ 1804.211652] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: write syscall, 1 misses
[ 1804.211667] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1804.212159] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 1 misses
[ 1804.212182] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 2 misses
[ 1804.217230] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 2 misses
[ 1804.217283] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 1 misses
[ 1804.217303] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 1 misses
[ 1804.217345] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 2 misses
[ 1804.217429] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 3 misses
[ 1804.217453] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses
[ 1804.218798] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 3 misses
[ 1804.218855] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: fstat syscall, 5 misses
[ 1804.218859] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 3 misses
[ 1804.218883] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: close syscall, 4 misses
[ 1804.222341] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 4 misses
[ 1804.222371] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: openat syscall, 2 misses
[ 1804.226697] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 4 misses
[ 1804.227085] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: exit syscall, 9 misses
[ 1804.227198] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: clone syscall, 13 misses
[ 1804.227233] [+] Anomaly found: Z08SXrUu9lhMVRVWZ0Pn: read syscall, 10 misses
[ 1808.332952] Execve: /usr/bin/sudo, ./target
[ 1808.343120] Execve: ./target, A6WoRXruEMEz89YBRK4v
[ 1818.360120] Execve: /usr/bin/sudo, ./target
[ 1818.368310] Execve: ./target, GSHGSSQCtwnukMSFSMUo
[ 1819.706488] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1819.706547] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.706558] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.706565] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.706572] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.706578] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.706585] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.710769] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.710860] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.710878] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.731702] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.731739] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 4 misses
[ 1819.731751] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 4 misses
[ 1819.731758] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.731764] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.731771] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.731777] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.735927] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.735973] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.735993] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.736034] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.736113] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.736134] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.740592] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.740610] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.740623] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.740633] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.740644] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.743671] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.743819] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 5 misses
[ 1819.743856] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses
[ 1819.743875] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 3 misses
[ 1819.743923] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.743951] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.746665] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.746736] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.746752] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.746848] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.746863] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.751611] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1819.752393] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 5 misses
[ 1819.752450] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses
[ 1819.752478] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.756983] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 4 misses
[ 1819.758397] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.758431] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.759734] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.761357] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 4 misses
[ 1819.761439] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.761462] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.765847] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 4 misses
[ 1819.766344] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.766451] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.766668] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.766767] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 4 misses
[ 1819.766802] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.766818] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.782002] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 4 misses
[ 1819.782401] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.782441] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 4 misses
[ 1819.784917] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 6 misses
[ 1819.784976] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 5 misses
[ 1819.785003] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 4 misses
[ 1819.785060] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1819.795413] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 4 misses
[ 1819.796907] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 7 misses
[ 1819.798509] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 5 misses
[ 1819.798546] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 6 misses
[ 1819.800484] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 7 misses
[ 1819.800542] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 5 misses
[ 1819.800568] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.806639] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.808697] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.810303] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.810327] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.810781] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.810809] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.812020] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.812063] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses
[ 1819.812084] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.812256] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.812301] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 3 misses
[ 1819.812324] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses
[ 1819.819767] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.819803] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.819824] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.819829] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.819833] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.819836] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.824596] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.824687] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.824725] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.824865] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.824933] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 1 misses
[ 1819.824965] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.835264] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1819.835306] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.835331] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.835349] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.835364] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.835384] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.835403] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.839885] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.839924] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.839940] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.839979] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.840007] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.840025] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.846918] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 3 misses
[ 1819.846955] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 4 misses
[ 1819.846964] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 4 misses
[ 1819.846971] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 3 misses
[ 1819.846977] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.846984] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 2 misses
[ 1819.846990] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.851933] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 3 misses
[ 1819.852004] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses
[ 1819.852026] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.852067] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 1 misses
[ 1819.852097] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 2 misses
[ 1819.852116] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 2 misses
[ 1819.858180] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.858235] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.858305] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1819.858483] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1819.858508] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 1 misses
[ 1819.858554] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1819.858654] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 4 misses
[ 1819.858686] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 3 misses
[ 1819.858696] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 2 misses
[ 1819.867193] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: exit syscall, 2 misses
[ 1820.363612] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: brk syscall, 1 misses
[ 1820.365043] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1820.365055] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1820.365060] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1820.365069] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: wait4 syscall, 3 misses
[ 1820.365100] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: close syscall, 1 misses
[ 1820.368460] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: write syscall, 1 misses
[ 1820.368493] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 1 misses
[ 1820.368706] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: munmap syscall, 3 misses
[ 1820.368735] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: munmap syscall, 4 misses
[ 1820.369017] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses
[ 1820.369037] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: openat syscall, 4 misses
[ 1820.369095] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: clone syscall, 6 misses
[ 1820.369127] [+] Anomaly found: GSHGSSQCtwnukMSFSMUo: read syscall, 4 misses
[ 1827.272901] Execve: /usr/bin/sudo, ./target
[ 1827.282166] Execve: ./target, hPgukk0ZQaDx2J5mb0hO
[ 1829.188080] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses
[ 1829.188092] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses
[ 1829.188098] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses
[ 1829.188101] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses
[ 1829.188105] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 1 misses
[ 1829.188238] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 1 misses
[ 1829.191143] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 3 misses
[ 1829.191420] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 2 misses
[ 1829.191502] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 2 misses
[ 1829.191675] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 2 misses
[ 1829.194493] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: wait4 syscall, 2 misses
[ 1829.194537] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: close syscall, 1 misses
[ 1829.194594] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: close syscall, 1 misses
[ 1829.195595] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 5 misses
[ 1829.195671] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 8 misses
[ 1829.195707] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 6 misses
[ 1829.195725] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 4 misses
[ 1829.195768] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 4 misses
[ 1829.195804] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 4 misses
[ 1829.197745] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: munmap syscall, 4 misses
[ 1829.197842] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit_group syscall, 9 misses
[ 1829.198032] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 10 misses
[ 1829.198068] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 10 misses
[ 1829.198089] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 7 misses
[ 1829.198100] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 6 misses
[ 1829.198126] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 5 misses
[ 1829.198161] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 4 misses
[ 1829.198375] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: wait4 syscall, 3 misses
[ 1829.198767] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: write syscall, 3 misses
[ 1829.198795] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 3 misses
[ 1829.198829] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 4 misses
[ 1829.198850] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 3 misses
[ 1829.198861] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 4 misses
[ 1829.198887] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 4 misses
[ 1829.198912] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 1 misses
[ 1829.200611] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 6 misses
[ 1829.200692] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 10 misses
[ 1829.200731] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: read syscall, 8 misses
[ 1829.200752] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: openat syscall, 6 misses
[ 1829.202237] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 6 misses
[ 1829.202299] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 4 misses
[ 1829.206093] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: exit syscall, 6 misses
[ 1829.206180] [+] Anomaly found: hPgukk0ZQaDx2J5mb0hO: clone syscall, 10 misses
[ 1835.269284] Execve: /usr/bin/sudo, ./target
[ 1835.277776] Execve: ./target, dXjO1qNOb3I3OFvlJKy2
[ 1837.242868] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses
[ 1837.245196] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses
[ 1837.245346] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses
[ 1837.245357] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 1 misses
[ 1837.245378] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: wait4 syscall, 1 misses
[ 1837.245450] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: close syscall, 1 misses
[ 1837.247296] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 1 misses
[ 1837.249072] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: close syscall, 1 misses
[ 1837.252841] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit_group syscall, 2 misses
[ 1837.263398] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 2 misses
[ 1837.263422] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 2 misses
[ 1837.263599] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 2 misses
[ 1837.263639] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 2 misses
[ 1837.263647] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: write syscall, 1 misses
[ 1837.271342] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: wait4 syscall, 1 misses
[ 1837.273721] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 2 misses
[ 1837.273837] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 4 misses
[ 1837.273879] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: read syscall, 3 misses
[ 1837.273900] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: openat syscall, 2 misses
[ 1837.273948] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: exit syscall, 3 misses
[ 1837.273977] [+] Anomaly found: dXjO1qNOb3I3OFvlJKy2: clone syscall, 4 misses
[ 1843.506971] Execve: /usr/bin/sudo, ./target
[ 1843.518891] Execve: ./target, 7dM3nU58rlXLP8VhY7PQ
[ 1843.519740] Execve: /bin/sh, yarr
[ 1843.519748] [+] Anomaly found: yarr: execve syscall, 6 misses
[ 1843.519856] [+] Anomaly found: yarr: brk syscall, 5 misses
[ 1843.519888] [+] Anomaly found: yarr: openat syscall, 4 misses
[ 1843.519894] [+] Anomaly found: yarr: fstat syscall, 4 misses
[ 1843.519898] [+] Anomaly found: yarr: mmap syscall, 3 misses
[ 1843.519902] [+] Anomaly found: yarr: close syscall, 3 misses
[ 1843.519911] [+] Anomaly found: yarr: openat syscall, 2 misses
[ 1843.520370] [+] Anomaly found: yarr: exit_group syscall, 2 misses
[ 1843.520427] [+] Anomaly found: yarr: write syscall, 2 misses
[ 1843.520436] [+] Anomaly found: yarr: read syscall, 2 misses
[ 1843.520439] [+] Anomaly found: yarr: read syscall, 2 misses
[ 1843.520445] [+] Anomaly found: yarr: wait4 syscall, 1 misses
[ 1843.520470] [+] Anomaly found: yarr: close syscall, 1 misses
[ 1852.345450] Execve: /usr/bin/sudo, ./target
[ 1852.350936] [+] Anomaly found: yarr: fstat syscall, 1 misses
[ 1852.351053] [+] Anomaly found: yarr: read syscall, 1 misses
[ 1852.351074] [+] Anomaly found: yarr: openat syscall, 1 misses
[ 1852.351134] [+] Anomaly found: yarr: clone syscall, 3 misses
[ 1852.351168] [+] Anomaly found: yarr: read syscall, 2 misses
[ 1852.351208] [+] Anomaly found: yarr: exit syscall, 1 misses
[ 1852.352911] [+] Anomaly found: yarr: mmap syscall, 4 misses
[ 1852.353443] [+] Anomaly found: yarr: mprotect syscall, 5 misses
[ 1852.353472] [+] Anomaly found: yarr: mprotect syscall, 6 misses
[ 1852.353494] [+] Anomaly found: yarr: mprotect syscall, 8 misses
[ 1852.353893] [+] Anomaly found: yarr: mprotect syscall, 10 misses
[ 1852.353907] [+] Anomaly found: yarr: mprotect syscall, 5 misses
[ 1852.356197] [+] Anomaly found: yarr: clone syscall, 1 misses
[ 1852.361449] [+] Anomaly found: yarr: mprotect syscall, 1 misses
[ 1852.361490] [+] Anomaly found: yarr: mprotect syscall, 2 misses
[ 1852.361556] [+] Anomaly found: yarr: mprotect syscall, 3 misses
[ 1852.361567] [+] Anomaly found: yarr: mprotect syscall, 4 misses
[ 1852.361579] [+] Anomaly found: yarr: munmap syscall, 5 misses
[ 1852.361710] [+] Anomaly found: yarr: brk syscall, 6 misses
[ 1852.363795] [+] Anomaly found: yarr: clone syscall, 1 misses
[ 1852.363835] [+] Anomaly found: yarr: read syscall, 1 misses
[ 1852.365792] [+] Anomaly found: yarr: mmap syscall, 3 misses
[ 1852.365836] [+] Anomaly found: yarr: close syscall, 3 misses
[ 1852.365876] [+] Anomaly found: yarr: openat syscall, 3 misses
[ 1852.366264] [+] Anomaly found: yarr: read syscall, 3 misses
[ 1852.366494] [+] Anomaly found: yarr: openat syscall, 1 misses
[ 1852.368374] [+] Anomaly found: yarr: exit syscall, 3 misses
[ 1852.368485] [+] Anomaly found: yarr: clone syscall, 6 misses
[ 1852.368526] [+] Anomaly found: yarr: read syscall, 6 misses
[ 1852.368545] [+] Anomaly found: yarr: openat syscall, 4 misses
[ 1852.368590] [+] Anomaly found: yarr: exit syscall, 3 misses
[ 1852.368626] [+] Anomaly found: yarr: clone syscall, 3 misses
[ 1852.371972] [+] Anomaly found: yarr: close syscall, 1 misses
[ 1852.372082] [+] Anomaly found: yarr: openat syscall, 1 misses
[ 1852.372342] [+] Anomaly found: yarr: read syscall, 1 misses
[ 1852.374955] [+] Anomaly found: yarr: exit syscall, 2 misses
[ 1852.392265] Execve: ./target, lEiTPQ31HjpuxO3Gcn3m
[ 1854.421418] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: wait4 syscall, 2 misses
[ 1854.421953] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 2 misses
[ 1854.422012] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 2 misses
[ 1854.422020] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1854.422027] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1854.422033] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 1 misses
[ 1854.447698] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 1 misses
[ 1854.447762] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 2 misses
[ 1854.448040] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 3 misses
[ 1861.174069] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: wait4 syscall, 1 misses
[ 1861.174132] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, 1 misses
[ 1861.174140] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses
[ 1861.174143] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, 1 misses
[ 1861.174182] Execve: /usr/bin/sudo, ./target
[ 1861.180382] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 1 misses
[ 1861.180478] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 3 misses
[ 1861.180523] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 3 misses
[ 1861.180542] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 3 misses
[ 1861.180581] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 3 misses
[ 1861.180610] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 4 misses
[ 1861.180638] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 3 misses
[ 1861.182044] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 3 misses
[ 1861.182123] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1861.182147] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 2 misses
[ 1861.182155] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1861.182160] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 2 misses
[ 1861.189465] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 1 misses
[ 1861.192935] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 4 misses
[ 1861.193784] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 3 misses
[ 1861.194045] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 2 misses
[ 1861.195212] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: write syscall, 2 misses
[ 1861.195286] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1861.195337] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 2 misses
[ 1861.196403] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mprotect syscall, 4 misses
[ 1861.196492] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: munmap syscall, 6 misses
[ 1861.196542] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 4 misses
[ 1861.196558] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 4 misses
[ 1861.196565] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 6 misses
[ 1861.196574] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: mmap syscall, 4 misses
[ 1861.201328] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 2 misses
[ 1861.201442] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: clone syscall, 3 misses
[ 1861.201481] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses
[ 1861.201499] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 1 misses
[ 1861.201545] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: exit syscall, 2 misses
[ 1861.202303] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 3 misses
[ 1861.202309] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 2 misses
[ 1861.202316] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: close syscall, 3 misses
[ 1861.202335] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: openat syscall, 3 misses
[ 1861.202343] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 2 misses
[ 1861.202843] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: fstat syscall, 1 misses
[ 1861.202848] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses
[ 1861.202854] [+] Anomaly found: lEiTPQ31HjpuxO3Gcn3m: read syscall, 1 misses
[ 1861.203826] Execve: ./target, saEmNjkM4hUXypeYtRTu
[ 1863.132971] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: brk syscall, 1 misses
[ 1863.141049] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.162978] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 3 misses
[ 1863.164607] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 2 misses
[ 1863.164635] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 2 misses
[ 1863.166732] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 2 misses
[ 1863.166809] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses
[ 1863.178915] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, 1 misses
[ 1863.180603] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses
[ 1863.180630] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 2 misses
[ 1863.181970] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 2 misses
[ 1863.182027] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 2 misses
[ 1863.182129] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 2 misses
[ 1863.182303] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: wait4 syscall, 4 misses
[ 1863.182679] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 2 misses
[ 1863.182729] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 2 misses
[ 1863.182758] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 1 misses
[ 1863.183002] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 2 misses
[ 1863.183064] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 2 misses
[ 1863.183139] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 2 misses
[ 1863.187428] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, 1 misses
[ 1863.187451] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, 1 misses
[ 1863.187491] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 1 misses
[ 1863.187659] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: fstat syscall, 3 misses
[ 1863.187764] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 3 misses
[ 1863.187827] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses
[ 1863.190771] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.191593] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: close syscall, 1 misses
[ 1863.191665] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: munmap syscall, 1 misses
[ 1863.191701] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: munmap syscall, 2 misses
[ 1863.193078] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses
[ 1863.193154] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 1 misses
[ 1863.193194] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 1 misses
[ 1863.193238] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 1 misses
[ 1863.193285] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 1 misses
[ 1863.193629] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 1 misses
[ 1863.194018] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.195338] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: wait4 syscall, 3 misses
[ 1863.195746] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: write syscall, 3 misses
[ 1863.195778] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 3 misses
[ 1863.195818] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 3 misses
[ 1863.195840] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: read syscall, 3 misses
[ 1863.195851] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: openat syscall, 4 misses
[ 1863.195881] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 4 misses
[ 1863.195910] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.198398] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.203657] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: exit syscall, 1 misses
[ 1863.204300] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.206025] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1863.206339] [+] Anomaly found: saEmNjkM4hUXypeYtRTu: clone syscall, 1 misses
[ 1869.808698] Execve: /usr/bin/sudo, ./target
[ 1869.820675] Execve: ./target, fDlhaTpGvo1QiiHKBWXV
[ 1869.821925] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: brk syscall, 1 misses
[ 1869.821941] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses
[ 1874.222606] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses
[ 1874.222624] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: rename syscall, 3 misses
[ 1874.223404] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 3 misses
[ 1874.224227] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 3 misses
[ 1874.224253] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 4 misses
[ 1874.224353] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 4 misses
[ 1874.224392] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 2 misses
[ 1874.224401] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses
[ 1874.230114] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.230239] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 5 misses
[ 1874.231200] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 4 misses
[ 1874.231228] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 4 misses
[ 1874.231305] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 4 misses
[ 1874.231394] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 2 misses
[ 1874.235153] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.235253] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 3 misses
[ 1874.235281] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses
[ 1874.235410] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.235998] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 6 misses
[ 1874.236049] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 4 misses
[ 1874.237722] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.239431] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 3 misses
[ 1874.239524] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses
[ 1874.240342] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 2 misses
[ 1874.240451] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 2 misses
[ 1874.240488] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses
[ 1874.243580] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.243707] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 5 misses
[ 1874.247139] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 4 misses
[ 1874.247197] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 4 misses
[ 1874.247318] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 4 misses
[ 1874.248114] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 3 misses
[ 1874.248254] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 2 misses
[ 1874.248417] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 3 misses
[ 1874.248431] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 4 misses
[ 1874.248665] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 5 misses
[ 1874.248702] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 5 misses
[ 1874.248720] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 1 misses
[ 1874.248758] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 1 misses
[ 1874.248786] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 1 misses
[ 1874.248803] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: read syscall, 1 misses
[ 1874.248863] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: rename syscall, 4 misses
[ 1874.248898] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 7 misses
[ 1874.248921] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 6 misses
[ 1874.250389] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 5 misses
[ 1874.250413] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 6 misses
[ 1874.250499] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 7 misses
[ 1874.250523] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 3 misses
[ 1874.252706] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 1 misses
[ 1874.252751] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 1 misses
[ 1874.252766] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses
[ 1874.252819] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 1 misses
[ 1874.252826] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mmap syscall, 1 misses
[ 1874.255211] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: clone syscall, 4 misses
[ 1874.255252] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: rename syscall, 8 misses
[ 1874.255291] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 7 misses
[ 1874.255318] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 8 misses
[ 1874.258097] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 7 misses
[ 1874.258121] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 6 misses
[ 1874.258172] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 6 misses
[ 1874.258194] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 3 misses
[ 1874.259781] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: exit syscall, 3 misses
[ 1874.259972] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 5 misses
[ 1874.260009] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 5 misses
[ 1874.260022] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 5 misses
[ 1874.260068] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 6 misses
[ 1874.260074] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mmap syscall, 6 misses
[ 1874.262778] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 6 misses
[ 1874.262943] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 1 misses
[ 1874.264234] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 3 misses
[ 1874.264272] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 6 misses
[ 1874.264423] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 8 misses
[ 1874.264449] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 10 misses
[ 1874.264492] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 8 misses
[ 1874.264506] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: mprotect syscall, 5 misses
[ 1874.270389] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 1 misses
[ 1874.270402] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 1 misses
[ 1874.270408] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 2 misses
[ 1874.270425] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: munmap syscall, 2 misses
[ 1874.270509] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 3 misses
[ 1874.270514] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 3 misses
[ 1874.270519] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 2 misses
[ 1874.270528] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses
[ 1874.270541] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 2 misses
[ 1874.270614] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstatat syscall, 3 misses
[ 1874.270646] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 2 misses
[ 1874.270653] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 2 misses
[ 1874.270658] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 2 misses
[ 1874.270679] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses
[ 1874.270685] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstatat syscall, 1 misses
[ 1874.270692] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 1 misses
[ 1874.270697] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: fstat syscall, 1 misses
[ 1874.270702] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses
[ 1874.270705] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: openat syscall, 1 misses
[ 1874.270715] [+] Anomaly found: fDlhaTpGvo1QiiHKBWXV: close syscall, 1 misses
[ 1874.312071] general protection fault: 0000 [#2] SMP PTI
[ 1874.312076] CPU: 0 PID: 279 Comm: systemd-journal Tainted: G D OE 5.3.0-51-generic #44~18.04.2-Ubuntu
[ 1874.312077] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 1874.312081] RIP: 0010:insert_syscall_trace.part.2+0x26/0x150 [hooks]
[ 1874.312083] Code: 0f 1f 40 00 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 55 41 54 49 89 f6 53 49 89 ff 41 89 cc 41 89 d5 48 83 ec 08 48 8b 5f 10 <48> 8b 76 08 48 89 df e8 3e fe ff ff 48 85 c0 41 8d 4c 24 ff 74 2b
[ 1874.312084] RSP: 0000:ffff95960020feb8 EFLAGS: 00010296
[ 1874.312085] RAX: 0000000000000001 RBX: ffff89b826f41be0 RCX: 0000000000000007
[ 1874.312087] RDX: 0000000000000000 RSI: 955f5373a5ac7fe8 RDI: ffff89b826f41ae0
[ 1874.312087] RBP: ffff95960020fee8 R08: ffff89b89fc2f000 R09: ffff89b89f401c40
[ 1874.312088] R10: 00000000000000ca R11: 000000000000bb5e R12: 0000000000000007
[ 1874.312089] R13: 0000000000000000 R14: 955f5373a5ac7fe8 R15: ffff89b826f41ae0
[ 1874.312091] FS: 00007f1a05fcd940(0000) GS:ffff89b89fc00000(0000) knlGS:0000000000000000
[ 1874.312092] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1874.312093] CR2: 00007f1a05feb010 CR3: 0000000117a40006 CR4: 00000000000606f0
[ 1874.312096] Call Trace:
[ 1874.312129] insert_syscall+0x125/0x190 [hooks]
[ 1874.312132] new_clone+0x19/0x30 [hooks]
[ 1874.312135] do_syscall_64+0x5a/0x130
[ 1874.312138] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 1874.312140] RIP: 0033:0x7f1a05af8881
[ 1874.312142] Code: 48 85 ff 74 3d 48 85 f6 74 38 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 7c 13 74 01 c3 31 ed 58 5f ff d0 48 89 c7 b8 3c 00 00 00
[ 1874.312143] RSP: 002b:00007ffebc271b18 EFLAGS: 00000202 ORIG_RAX: 0000000000000038
[ 1874.312144] RAX: ffffffffffffffda RBX: 00007f1a01502700 RCX: 00007f1a05af8881
[ 1874.312145] RDX: 00007f1a015029d0 RSI: 00007f1a01501db0 RDI: 00000000003d0f00
[ 1874.312146] RBP: 00007ffebc271bf0 R08: 00007f1a01502700 R09: 00007f1a01502700
[ 1874.312146] R10: 00007f1a015029d0 R11: 0000000000000202 R12: 00007f1a01501dc0
[ 1874.312147] R13: 0000000000000000 R14: 000055b386bbc970 R15: 00007ffebc271b80
[ 1874.312149] Modules linked in: hooks(OE) isofs vboxsf(OE) crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper vboxvideo(OE) ttm input_leds drm_kms_helper joydev serio_raw drm fb_sys_fops syscopyarea sysfillrect sysimgblt vboxguest(OE) video sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid psmouse ahci libahci e1000 [last unloaded: hooks]
[ 1874.312196] ---[ end trace 2492f6e847b52be5 ]---
[ 1874.312199] RIP: 0010:new_read+0x28/0x30 [hooks]
[ 1874.312200] Code: 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48 c7 c7 8c 83 42 c0 e8 57 f9 ff ff 48 89 df 48 8b 05 f5 19 00 00 e8 d8 92 5d ee <5b> 5d c3 0f 1f 44 00 00 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb 48
[ 1874.312201] RSP: 0018:ffff95960070bf20 EFLAGS: 00010292
[ 1874.312202] RAX: 0000000000000b2e RBX: ffff95960070bf58 RCX: 0000000000000000
[ 1874.312203] RDX: ffff89b896de8000 RSI: 0000000000000001 RDI: ffff89b896db0000
[ 1874.312204] RBP: ffff95960070bf28 R08: 0000000000000000 R09: 0000000000000000
[ 1874.312204] R10: ffff95960070be90 R11: 0000000040000000 R12: ffff95960070bf58
[ 1874.312205] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1874.312206] FS: 00007f1a05fcd940(0000) GS:ffff89b89fc00000(0000) knlGS:0000000000000000
[ 1874.312207] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1874.312208] CR2: 00007f1a05feb010 CR3: 0000000117a40006 CR4: 00000000000606f0
[ 1874.316651] printk: journal-offline: 102594 output lines suppressed due to ratelimiting
[ 1874.320616] systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart.
[ 1874.320680] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1.
[ 1874.321050] systemd[1]: Stopped Flush Journal to Persistent Storage.
[ 1874.321082] systemd[1]: Stopping Flush Journal to Persistent Storage...
[ 1874.321088] systemd[1]: Stopped Journal Service.
[ 1874.321221] [+] mkdir() called ===> directory //system.slice/systemd-journald.service/ made
[ 1874.321256] [+] mkdir() called ===> directory //system.slice/systemd-journald.service/ made
[ 1874.321291] [+] mkdir() called ===> directory //system.slice/systemd-journald.service/ made
[ 1874.321318] [+] mkdir() called ===> directory //system.slice/systemd-journald.service/ made
[ 1874.322664] systemd[1]: Starting Journal Service...
[ 1874.390021] systemd-journald[15932]: File /var/log/journal/f5d19c218ad3441fa090b98687efded0/system.journal corrupted or uncleanly shut down, renaming and replacing.
[ 1874.415998] systemd[1]: Started Journal Service.
[ 1874.416380] [+] mkdir() called ===> directory //system.slice/systemd-journal-flush.service/ made
[ 1874.416412] [+] mkdir() called ===> directory //system.slice/systemd-journal-flush.service/ made
[ 1874.416444] [+] mkdir() called ===> directory //system.slice/systemd-journal-flush.service/ made
[ 1874.416471] [+] mkdir() called ===> directory //system.slice/systemd-journal-flush.service/ made
[ 1874.418229] [+] mkdir() called ===> directory //system.slice/systemd-user-sessions.service/ made
[ 1874.418268] [+] mkdir() called ===> directory //system.slice/systemd-user-sessions.service/ made
[ 1874.418307] [+] mkdir() called ===> directory //system.slice/systemd-user-sessions.service/ made
[ 1874.418337] [+] mkdir() called ===> directory //system.slice/systemd-user-sessions.service/ made
[ 1874.418644] [+] mkdir() called ===> directory //system.slice/systemd-tmpfiles-setup.service/ made
[ 1874.418670] [+] mkdir() called ===> directory //system.slice/systemd-tmpfiles-setup.service/ made
[ 1874.418697] [+] mkdir() called ===> directory //system.slice/systemd-tmpfiles-setup.service/ made
[ 1874.418808] [+] mkdir() called ===> directory //system.slice/systemd-tmpfiles-setup.service/ made
[ 1874.424967] Execve: /bin/journalctl, --flush
[ 1878.554678] Execve: /usr/bin/sudo, ./target
[ 1878.562545] Execve: ./target, EfoCLpTFE8D0s96V7fgs
[ 1881.983831] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, 1 misses
[ 1881.995707] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, 1 misses
[ 1881.995718] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: fstat syscall, 1 misses
[ 1881.995721] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 1 misses
[ 1882.008500] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, 2 misses
[ 1882.009136] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: mprotect syscall, 4 misses
[ 1882.010810] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: exit syscall, 4 misses
[ 1882.011256] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: read syscall, 4 misses
[ 1882.011386] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 4 misses
[ 1882.011493] [+] Anomaly found: EfoCLpTFE8D0s96V7fgs: write syscall, 2 misses
[ 1887.155683] Execve: /usr/bin/sudo, ./target
[ 1887.166916] Execve: ./target, ANBMGkdd2EowBh3Sxc3K
[ 1887.167465] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 1 misses
[ 1887.167483] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: read syscall, 2 misses
[ 1887.167763] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 3 misses
[ 1887.167790] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 4 misses
[ 1887.167795] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: write syscall, 5 misses
[ 1887.174529] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 1 misses
[ 1887.174571] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 1 misses
[ 1887.174631] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 3 misses
[ 1887.174639] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 5 misses
[ 1887.174736] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mprotect syscall, 2 misses
[ 1896.064492] Execve: /usr/bin/sudo, ./target
[ 1896.069046] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: munmap syscall, 2 misses
[ 1896.069142] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 2 misses
[ 1896.069157] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: fstat syscall, 2 misses
[ 1896.069161] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: mmap syscall, 2 misses
[ 1896.069184] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: munmap syscall, 2 misses
[ 1896.069193] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 1 misses
[ 1896.073866] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 1 misses
[ 1896.073884] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 2 misses
[ 1896.073888] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: close syscall, 2 misses
[ 1896.073893] [+] Anomaly found: ANBMGkdd2EowBh3Sxc3K: openat syscall, 2 misses
[ 1896.073978] Execve: ./target, iOjcP1MQc6LNmZiwE0z2
[ 1896.076200] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses
[ 1896.076227] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 2 misses
[ 1896.076303] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 3 misses
[ 1896.088058] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: brk syscall, 3 misses
[ 1896.088143] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 2 misses
[ 1896.089156] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, 1 misses
[ 1896.089213] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 1 misses
[ 1896.089241] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 1 misses
[ 1896.089946] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 2 misses
[ 1896.090819] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: exit syscall, 1 misses
[ 1896.090907] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: clone syscall, 2 misses
[ 1896.090945] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: read syscall, 2 misses
[ 1896.090966] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: openat syscall, 2 misses
[ 1896.094290] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: fstat syscall, 1 misses
[ 1896.094301] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 1 misses
[ 1896.094322] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 3 misses
[ 1896.094331] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mprotect syscall, 3 misses
[ 1896.094341] [+] Anomaly found: iOjcP1MQc6LNmZiwE0z2: mmap syscall, 3 misses
[ 1903.915811] Execve: /usr/bin/sudo, ./target
[ 1903.923452] Execve: ./target, H2mvQoIOuxb3syz45GA7
[ 1914.654439] Execve: /usr/bin/sudo, ./target
[ 1914.662683] Execve: ./target, IBRNHiQTAMYfud7RonH9
[ 1914.663051] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: read syscall, 1 misses
[ 1914.663056] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: close syscall, 2 misses
[ 1914.663073] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 2 misses
[ 1914.663105] [+] Anomaly found: IBRNHiQTAMYfud7RonH9: mmap syscall, 3 misses
[ 1920.253563] Execve: /usr/bin/sudo, rmmod
[ 1920.264998] Execve: /sbin/rmmod, hooks
[ 1920.265211] [+] Anomaly found: hooks: brk syscall, 1 misses
[ 1920.265248] [+] Anomaly found: hooks: openat syscall, 1 misses
[ 1920.265255] [+] Anomaly found: hooks: fstat syscall, 2 misses
[ 1920.265259] [+] Anomaly found: hooks: mmap syscall, 3 misses
[ 1920.269595] [+] onunload: sys_call_table unhooked
[ 1920.269642] DB nodes freed: 1095
[ 1920.269643] Syscalls counts: 2068749, Syscalls misses: 2760
[ 1920.269644] Trace nodes freed: 7
[ 1920.269644] Unloading complete!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment