Three-layer JavaScript payload obfuscation

The Wave 2 postinstall.js (~13 KB, entropy ~5.46) layers obfuscator.io output, a custom base64 alphabet, and an integer-shuffle string table. It is statically recoverable by alphabet remapping and decodes to the same oob.moika.tech and X-Secret constants that Wave 1 used in cleartext. It matches the SafeDep YARA rules dynamic_require_double_obscured (critical), js_char_code_at_substitution, and js_hex_obfuscation. The layering distinguishes Wave 2 from Wave 1's plaintext payload and represents an evasion upgrade by the same operator.

discovered 2026-05-29
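
The alphabet remapping described above, as an added example for static triage (not code from the sample or from SafeDep): each character is mapped from the custom alphabet back to the standard one, decoded normally, and the decoded table is searched for the two constants named above. The alphabet and the string table here are constructed for illustration, and the function names are hypothetical.

```javascript
// Added example: statically decode a string table that uses a non-standard base64 alphabet.
const STD = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
// Constructed alphabet (assumption): substitute the one read from the sample's decoder.
const CUSTOM = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+/';

// Map every character of `text` from one 64-character alphabet to another.
// Returns null when a character is outside the source alphabet.
function remap(text, from, to) {
  if (from.length !== 64 || new Set(from).size !== 64) {
    throw new Error('alphabet must be 64 unique characters');
  }
  let out = '';
  for (const ch of text) {
    const i = from.indexOf(ch);
    if (i === -1) return null;
    out += to[i];
  }
  return out;
}

// Decode one entry; padding is optional, malformed entries yield null.
function decodeCustom(text, alphabet = CUSTOM) {
  const std = remap(text.replace(/=+$/, ''), alphabet, STD);
  if (std === null || std.length % 4 === 1) return null;
  return Buffer.from(std, 'base64').toString('utf8');
}

// Decode a whole table and report entries containing known indicators.
function triage(table, indicators, alphabet = CUSTOM) {
  const hits = [];
  table.forEach((entry, index) => {
    const decoded = decodeCustom(entry, alphabet);
    if (decoded === null) return; // not encoded with this alphabet
    for (const ioc of indicators) {
      if (decoded.includes(ioc)) hits.push({ index, decoded, ioc });
    }
  });
  return hits;
}

// Constructed string table: plaintext encoded with CUSTOM, plus one junk entry.
const encodeSample = (s) =>
  remap(Buffer.from(s).toString('base64').replace(/=+$/, ''), STD, CUSTOM);
const SAMPLE_TABLE = ['os', 'hostname', 'oob.moika.tech', 'X-Secret', 'POST']
  .map(encodeSample)
  .concat('not*encoded');

console.log(triage(SAMPLE_TABLE, ['oob.moika.tech', 'X-Secret']));
```

Against a real sample, the table and alphabet come from the file's string array and decoder function after the obfuscator.io layer has been normalized; nothing in the file needs to be executed.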

Seen in packages

Campaigns