After formatted, we noticed the notification from Visual Studio Code:
In fact, this function will return the parameter we passed to it.
We also found a function called “hpd” which has never been called.
So, after removed such obfuscations, we get the following code(only shows main part):
But, as for the second image, we still need to find out which string will each function return, so it’s time to use Internet Explorer 😉
After function resolve and string replace, we get the following code(only shows main part):
After doing these steps, we finally get the following code(I also provided some comments):
X-Sec Antivirus Detection: