Don't install it — it's malware.
internal/config.js looks like a config file but it's not. It's JavaScript running server-side with a 3-second delay
(setTimeout), wrapped in an empty try/catch so if it crashes you see nothing in the console.
It takes 20 hardcoded Base64 strings, concatenates them, decodes them, then XOR's the result against the key
"xc2TVOyF0hPc8V0qOUBRr". That output gets passed straight into new Function() — which is just eval(). Arbitrary code
execution at runtime.
1 var _sesPool229 = new Function(_resBuf221);
2 _sesPool229();
No legit FiveM script needs to hide behind Base64 + XOR + dynamic execution with a delay. A normal license check or
telemetry call would sit in plain text like the rest of the resource.
They also buried it in fxmanifest.lua behind ~250 spaces of whitespace padding — if you don't scroll to the end of
the line, you won't see it:
1 --[[ 'server/sv_core.lua' ]]
'internal/config.js',
The original dev doesn't do that. Someone injected this and didn't want it found.