On install they decrypt Fernet encrypted code, which loads further code from https://funcaptcha[.]ru/paste2?package=asyncioo (replace the parameter with the package name).
I was blocked from accessing that code (am on mobile right now, so I don't have the means to investigate for real, Fernet decryption was already fun :abloblamp: ).
